Vulnerability Details : CVE-2014-4073
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."
Vulnerability category: Gain privilege
Products affected by CVE-2014-4073
- cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
Threat overview for CVE-2014-4073
Top countries where our scanners detected CVE-2014-4073
Top open port discovered on systems with this issue
443
IPs affected by CVE-2014-4073 85,846
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-4073!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-4073
1.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-4073
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2014-4073
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4073
-
http://www.securitytracker.com/id/1031021
Microsoft .NET Bugs Let Remote Users Bypass ASLR Security Protections and Execute Arbitrary Code - SecurityTracker
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057
Microsoft Security Bulletin MS14-057 - Critical | Microsoft Docs
-
http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx
More Details About CVE-2014-4073 Elevation of Privilege Vulnerability – Microsoft Security Response CenterVendor Advisory
-
http://www.securityfocus.com/bid/70313
Microsoft .NET Framework ClickOnce CVE-2014-4073 Remote Privilege Escalation Vulnerability
Jump to