New Search

.NET ClickOnce elevation of privilege vulnerability - CVE-2014-4073 (MS14-057)

oval:org.mitre.oval:def:26910

Microsoft .NET Framework 2.0 SP2 3.5 3.5.1 4 4.5 4.5.1 and 4.5.2 processes unverified data during interaction with the ClickOnce installer which allows remote attackers to gain privileges via vectors involving Internet Explorer aka ".NET ClickOnce Elevation of Privilege Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 8
  • Microsoft Windows Vista
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2008
  • Microsoft Windows 7
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2014-4073
Product(s):
  • Microsoft .NET Framework 4.0
  • Microsoft .NET Framework 4.5.2
  • Microsoft .NET Framework 2.0
  • Microsoft .NET Framework 3.5.1
  • Microsoft .NET Framework 4.5.1
  • Microsoft .NET Framework 4.5