Type Traversal Vulnerability in Microsoft .NET Framework - CVE-2014-0257
Published: January 19, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU5046
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2014-0257
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Microsoft
Affected software:
Microsoft .NET Framework
Microsoft .NET Framework
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The weakness exists due to the failure to properly verify safety of a method for execution within Microsoft .NET Framework. A remote attacker can run a specially crafted Web site, trick the victim into visiting it and gain elevated privileges and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness exists due to the failure to properly verify safety of a method for execution within Microsoft .NET Framework. A remote attacker can run a specially crafted Web site, trick the victim into visiting it and gain elevated privileges and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
How to mitigate CVE-2014-0257
Install update from vendor's website.