Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.9
CVE Id CVE-2014-0315
Last Modified 09 Apr 2014 07:21:46
Published 08 Apr 2014 07:55:05
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0315

Summary

Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 7

  • Microsoft Windows 8

  • Microsoft Windows 8.1

  • Microsoft Windows RT

  • Microsoft Windows RT 8.1

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 R2

  • Microsoft Windows Server 2012

  • Microsoft Windows Server 2012 R2

  • Microsoft Windows Vista

  • Microsoft Windows XP


References

MS - MS14-019

CONFIRM - http://blogs.technet.com/b/srd/archive/2014/04/08/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file.aspx

Related Patches

MS14-019 Security Update for Windows XP (KB2922229)

MS14-019 Security Update for Windows Vista (KB2922229)

MS14-019 Security Update for Windows Server 2003 (KB2922229)

MS14-019 Security Update for Windows Server 2008 (KB2922229)

MS14-019 Security Update for Windows Vista x64 (KB2922229)

MS14-019 Security Update for Windows Server 2008 x64 (KB2922229)

MS14-019 Security Update for Windows Server 2003 x64 (KB2922229)


Last Updated: 27 May 2016 11:04:52