Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Thomson Reuters Fixed Assets CS 13.1.4 - Local Privilege Escalation

🗓️ 02 Dec 2014 00:00:00Reported by Information ParadoxType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 23 Views

Thomson Reuters Fixed Assets CS 13.1.4 Local Privilege Escalation/Code Execution on Window

Code
# Exploit Title: Thomson Reuters Fixed Assets CS <=13.1.4 Local Privilege
Escalation/Code Execution



# Date: 12/1/14

# Exploit Author: [email protected]

# Vendor Homepage: https://cs.thomsonreuters.com

# Version: Fixed Assets CS <=13.1.4 Local Privilege Escalation/Code
Execution

# Tested on: Windows XP -> Windows 7, Windows 8

# CVE : 2014-9141



Product Affected:


Fixed Assets CS <=13.1.4 (Workstation Install)


Note: 2003/2008 Terminal Services/Published apps **may** be vulnerable,
depending on system configuration.


This vulnerability has been reference checked against multiple

installs. This configuration was identical across all systems and each

version encountered.


Executables/Services:


C:\WinCSI\Tools\connectbgdl.exe


Attack Detail:


The Fixed Assets CS installer places a system startup item at
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup


Which then executes the utility at C:\WinCSI\Tools\connectbgdl.exe.










The executables that are installed, by default, allow AUTHENTICATED USERS


to modify, replace or alter the file.





This would allow an attacker to inject their code or replace the executable
and have it run in the context


of an authenticated user.



An attacker can use this to escalate privileges to the highest privileged
level of user to sign on to the system. This would require them to stop the
vulnerable executable


or reboot the system. The executable appears to only allow on instance to
be executed at a time by default, the attacker would need to restart or
kill the process. These are the default settings for this process.






This could compromise a machine on which it was


installed, giving the process/attacker access to the machine in


question or execute code as that user.



An attacker can replace the file or append code to the


executable, reboot the system or kill the process and it would then


compromise the machine when a higher privileged user (administrator) logged
in.



This affects workstation builds. It may be possible on legacy
servers/published application platforms but this was not tested.




Remediation:



Remove the modify/write permissions on the executables to allow only


privileged users to alter the files.


Apply vendor patch when distributed.




Vulnerability Discovered: 11/27/2014


Vendor Notified: 12/1/2014






Website: www.information-paradox.net


This vulnerability was discovered by [email protected]. Please


credit the author in all references to this exploit.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Dec 2014 00:00Current
7High risk
Vulners AI Score7
thomson reutersfixed assets cs13.1.4local privilege escalationcode executionwindowsvulnerability discoveryvendor notificationremediation[email protected]system configurationexecutable permissionsvendor patch.
23