#VU5046 Type Traversal Vulnerability in Microsoft .NET Framework - CVE-2014-0257
Published: January 19, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU5046
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2014-0257
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Microsoft .NET Framework
Microsoft .NET Framework
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The weakness exists due to the failure to properly verify safety of a method for execution within Microsoft .NET Framework. A remote attacker can run a specially crafted Web site, trick the victim into visiting it and gain elevated privileges and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness exists due to the failure to properly verify safety of a method for execution within Microsoft .NET Framework. A remote attacker can run a specially crafted Web site, trick the victim into visiting it and gain elevated privileges and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Remediation
Install update from vendor's website.