Back to CVE Browser

CVE-2014-4073

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0030%

EPSS Percentile10.76th

PublishedOct 15, 2014

Last ModifiedMay 6, 2026

Vulnerability Description

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."

Affected Platforms (CPE)

📦

Microsoft

.net Framework

= 2.0

📦

Microsoft

.net Framework

= 3.5

📦

Microsoft

.net Framework

= 3.5.1

📦

Microsoft

.net Framework

= 4.0

📦

Microsoft

.net Framework

= 4.5

📦

Microsoft

.net Framework

= 4.5.1

📦

Microsoft

.net Framework

= 4.5.2

References & Advisories

🔗 http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx

🔗 http://secunia.com/advisories/60969

🔗 http://www.securityfocus.com/bid/70313

🔗 http://www.securitytracker.com/id/1031021

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057

🔗 http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx

🔗 http://secunia.com/advisories/60969

🔗 http://www.securityfocus.com/bid/70313

Related Vulnerabilities

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-412110.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifi...