| Vulnerability Name: | CVE-2014-4073 (CCN-95550) | ||||||||
| Assigned: | 2014-10-14 | ||||||||
| Published: | 2014-10-14 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability." | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CONFIRM Type: Vendor Advisory http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx Source: MITRE Type: CNA CVE-2014-4073 Source: SECUNIA Type: UNKNOWN 60969 Source: CCN Type: Microsoft Security Bulletin MS14-057 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414) Source: CCN Type: Microsoft Security Bulletin MS15-118 Security Updates for .NET Framework to Address Elevation of Privilege (3104507) Source: CCN Type: Microsoft Security Bulletin MS16-065 Security Update for .NET Framework (3156757) Source: BID Type: UNKNOWN 70313 Source: CCN Type: BID-70313 Microsoft .NET Framework ClickOnce CVE-2014-4073 Remote Privilege Escalation Vulnerability Source: SECTRACK Type: UNKNOWN 1031021 Source: MS Type: UNKNOWN MS14-057 Source: XF Type: UNKNOWN ms-dotnet-cve20144073-priv-esc(95550) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||