返回 CVE 浏览器

CVE-2014-4073

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0030%

EPSS Percentile10.76th

Published2014年10月15日

Last Modified2026年5月6日

Vulnerability Description

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."

Affected Platforms (CPE)

📦

Microsoft

.net Framework

= 2.0

📦

Microsoft

.net Framework

= 3.5

📦

Microsoft

.net Framework

= 3.5.1

📦

Microsoft

.net Framework

= 4.0

📦

Microsoft

.net Framework

= 4.5

📦

Microsoft

.net Framework

= 4.5.1

📦

Microsoft

.net Framework

= 4.5.2

References & Advisories

🔗 http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx

🔗 http://secunia.com/advisories/60969

🔗 http://www.securityfocus.com/bid/70313

🔗 http://www.securitytracker.com/id/1031021

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057

🔗 http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx

🔗 http://secunia.com/advisories/60969

🔗 http://www.securityfocus.com/bid/70313

相关漏洞威胁

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-412110.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifi...