1. CVE-Search
  2. CVE-2014-4121
ID CVE-2014-4121
Summary Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 22:07)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS14-057
bulletin_url
date 2014-10-14T00:00:00
impact Remote Code Execution
knowledgebase_id 3000414
knowledgebase_url
severity Critical
title Vulnerabilities in .NET Framework Could Allow Remote Code Execution
refmap via4
bid 70351
sectrack 1031021
secunia 60969
Last major update 12-10-2018 - 22:07
Published 15-10-2014 - 10:55
Last modified 12-10-2018 - 22:07
Back to Top