Vigil@nce - Microsoft .NET: privilege escalation via .NET Remoting
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use .NET Remoting of Microsoft .NET,
in order to escalate his privileges.
Impacted products: .NET Framework
Severity: 2/4
Creation date: 12/11/2014
DESCRIPTION OF THE VULNERABILITY
The .NET Remoting is used by application to communicate and share
data.
However, it does not correctly check objects with TypeFilterLevel.
An authenticated attacker can therefore use .NET Remoting of
Microsoft .NET, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Microsoft-NET-privilege-escalation-via-NET-Remoting-15618