Lucene search

[email protected]CVE-2014-9141

HistoryDec 03, 2014 - 1:59 a.m.

CVE-2014-9141

2014-12-0301:59:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-9141

thomson reuters

fixed assets cs

installer

weak permissions

connectbgdl.exe

arbitrary code execution

nvd

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.2%

JSON

The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.

Affected configurations

NVD

Node

thomsonreutersfixed_assets_csRange≤13.1.4

CPENameOperatorVersion
thomsonreuters:fixed_assets_csthomsonreuters fixed assets csle13.1.4

CPE	Name	Operator	Version
thomsonreuters:fixed_assets_cs	thomsonreuters fixed assets cs	le	13.1.4

References

www.exploit-db.com/exploits/35423

www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.2%

JSON

Related for CVE-2014-9141

cvelist1 prion1 nvd1