CVE-2014-9141

Title: Thomson Reuters Fixed Assets CS
Windows 7, Windows 8
CVE: 2014-9141

Product Affected:
Fixed Assets CS <=13.1.4 (Workstation Install)
Note: 2003/2008 Terminal Services/Published apps may be vulnerable, depending on system configuration.

Executables/Services:
C:\WinCS\Tools\connectbgdl.exe

Attack Detail:
- The Fixed Assets CS installer places a system startup item at C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup which executes the utility at C:\WinCS\Tools\connectbgdl.exe.
- The executables, by default, allow AUTHENTICATED USERS to modify, replace or alter the file. This allows an attacker to inject their code or replace the executable.
- An attacker can use this to escalate privileges to the highest privileged level of user to sign on to the system. The attacker can inject their code or replace the executable and have it run in the context of an authenticated user.

Mitigation:
- Remove the modify/write permissions on the executables.
- Apply vendor patch when distributed.

Vulnerability discovered: 11/27/2014
Vendor notified: 12/1/2014
Website: www.information-paradox.net
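
A defender-side check for the first mitigation step, as an added example that is not part of the original advisory or any vendor tooling: it reports Allow entries that give broad groups write-class rights on connectbgdl.exe and can rewrite them to read and execute. The `-Fix` switch, the list of broad SIDs and the requirement for PowerShell 3.0 or later are assumptions of this example.

```powershell
# Added example (not vendor code): audit write access on the binary named in the advisory.
param(
    [string[]]$Path = @('C:\WinCS\Tools\connectbgdl.exe'),   # path taken from the advisory
    [switch]$Fix   # hypothetical switch: rewrite the ACL instead of only reporting
)

# Well-known SIDs of broad, low-privileged groups (assumed scope of the audit).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Any of these rights lets the holder alter or replace the file.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$sidType   = [System.Security.Principal.SecurityIdentifier]

foreach ($file in $Path) {
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        Write-Warning "$file not found; the product may not be installed."
        continue
    }
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $acl   = Get-Acl -LiteralPath $file
    $risky = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadSids.ContainsKey($_.IdentityReference.Value) -and
        ($_.FileSystemRights -band $writeMask) -ne 0
    })
    foreach ($ace in $risky) {
        [pscustomobject]@{
            File      = $file
            Principal = $broadSids[$ace.IdentityReference.Value]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
    if ($Fix -and $risky.Count -gt 0) {
        # Convert inherited ACEs to explicit copies so they can be edited on this file only.
        icacls $file /inheritance:d | Out-Null
        $sids = $risky | ForEach-Object { $_.IdentityReference.Value } | Select-Object -Unique
        foreach ($sid in $sids) {
            icacls $file /remove:g "*$sid" | Out-Null       # drop every Allow ACE for the group
            icacls $file /grant "*${sid}:(RX)" | Out-Null   # keep read and execute so the tool still runs
        }
    }
}
```

Run it from an elevated prompt; with no output and no warning, none of the listed groups holds write-class rights on the file.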