Microsoft .NET TypeFilterLevel Privilege Escalation Vulnerabilities

Summary

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka ‘TypeFilterLevel Vulnerability.’

Credit:

The information has been provided by James Forshaw of Context Information Security .


Details

Vulnerable Systems:
 * Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2

Immune Systems:
 * Microsoft .NET Framework after 4.5.2

Microsoft .NET Framework could allow a remote attacker to gain elevated privileges on the system, caused by improper enforcement of access controls on objects in memory. By sending specially crafted data to a system that uses .NET Remoting, an attacker could exploit this vulnerability to execute arbitrary code and take complete control of the system.

CVE Information:
CVE-2014-4149

Disclosure Timeline:
Original release date: 11/11/2014
Last revised: 12/31/2014

Categories: Windows