CVE-2014-9141

The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.exploit-db.com/exploits/35423	Exploit
http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html
http://www.exploit-db.com/exploits/35423	Exploit
http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:thomsonreuters:fixed_assets_cs:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:20

Type	Values Removed	Values Added
References	~~() http://www.exploit-db.com/exploits/35423 - Exploit~~	() http://www.exploit-db.com/exploits/35423 - Exploit
References	~~() http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html -~~	() http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html -

Information

Published : 2014-12-03 01:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-9141

Mitre link : CVE-2014-9141

CVE.ORG link : CVE-2014-9141

JSON object : View

Products Affected

thomsonreuters

fixed_assets_cs

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-9141", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-03T01:59:01.330", "references": [{"url": "http://www.exploit-db.com/exploits/35423", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/35423", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program."}, {"lang": "es", "value": "El instalador en Thomson Reuters Fixed Assets CS 13.1.4 y anteriores utiliza permiso d\u00e9biles para connectbgdl.exe, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario mediante la modificaci\u00f3n de este programa."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:thomsonreuters:fixed_assets_cs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F81FA41E-FE35-4C28-AB1A-A1ADC4F0610B", "versionEndIncluding": "13.1.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10