Описание
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.37747
Средний
9.3 Critical
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."
EPSS
Процентиль: 97%
0.37747
Средний
9.3 Critical
CVSS2
Дефекты
CWE-20