MS14-072: Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)

High Nessus Plugin ID 79132


The version of the .NET Framework installed on the remote host is affected by a privilege elevation vulnerability.


The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability related to how it handles TypeFilterLevel checks for some malformed objects. This can be used by a remote attacker to gain privilege elevation via a specially crafted packet sent to a host that is using .NET Remoting.


Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.

See Also

Plugin Details

Severity: High

ID: 79132

File Name: smb_nt_ms14-072.nasl

Version: $Revision: 1.8 $

Type: local

Agent: windows

Published: 2014/11/12

Modified: 2017/07/28

Dependencies: 51351, 57033, 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/11/11

Vulnerability Publication Date: 2014/11/11

Reference Information

CVE: CVE-2014-4149

BID: 70979

OSVDB: 114536

MSFT: MS14-072

MSKB: 2978114, 2978116, 2978120, 2978121, 2978122, 2978124, 2978125, 2978126, 2978127, 2978128

IAVA: 2014-A-0173