CVE-2014-9141

EUVD-2014-8966
The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
thomsonreutersfixed_assets_cs
𝑥
≤ 13.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.exploit-db.com/exploits/35423
http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html
http://www.exploit-db.com/exploits/35423
http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html