CVE-2014-4115

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-4115
fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka "Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability."

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx Vendor Advisory
http://secunia.com/advisories/60975
http://www.securityfocus.com/bid/70343
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-063
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx Vendor Advisory
http://secunia.com/advisories/60975
http://www.securityfocus.com/bid/70343
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-063
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
History

21 Nov 2024, 02:09

Type Values Removed Values Added
References () http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx - Vendor Advisory () http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx - Vendor Advisory
References () http://secunia.com/advisories/60975 - () http://secunia.com/advisories/60975 -
References () http://www.securityfocus.com/bid/70343 - () http://www.securityfocus.com/bid/70343 -
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-063 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-063 -
Information

Published : 2014-10-15 10:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-4115

Mitre link : CVE-2014-4115

CVE.ORG link : CVE-2014-4115

JSON object : View

Products Affected

microsoft

  • windows_server_2008
  • windows_vista
  • windows_server_2003
CWE
CWE-399

Resource Management Errors