CVE-2014-9141

The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
thomsonreutersfixed_assets_cs
𝑥
≤ 13.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.exploit-db.com/exploits/35423
http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html
http://www.exploit-db.com/exploits/35423
http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html