CVE-2014-4073

EUVD-2014-4004
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
microsoft.net_framework
2.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5.1
microsoft.net_framework
4.0
microsoft.net_framework
4.5
microsoft.net_framework
4.5.1
microsoft.net_framework
4.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx
http://secunia.com/advisories/60969
http://www.securityfocus.com/bid/70313
http://www.securitytracker.com/id/1031021
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057
http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx
http://secunia.com/advisories/60969
http://www.securityfocus.com/bid/70313
http://www.securitytracker.com/id/1031021
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057