CVE-2014-4073

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2

Description The issue allows remote attackers to gain privileges via vectors involving Internet Explorer. It exists in Microsoft .NET Framework and allows an attacker to elevate privileges on the targeted system. The vulnerability is related to the processing of unverified data during interaction with the ClickOnce installer.

Recommendations For Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, consider restricting interaction with the ClickOnce installer until a patch is available. As a temporary workaround, consider disabling the ClickOnce installer functionality to minimize the risk of exploitation. Avoid using Internet Explorer to interact with potentially vulnerable systems until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.