CVE-2014-9113

CCH Wolters Kluwer ProSystem fx Engagement <7.1 - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9113. PoCs published by Information Paradox.

AI-analyzed exploit summary: This is a detailed writeup describing a local privilege escalation vulnerability in CCH Wolters Kluwer PFX Engagement <= v7.1. The vulnerability arises from insecure file permissions on service executables, allowing authenticated users to replace or modify them, leading to execution with LOCAL SYSTEM privileges.

Description

CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\, which allows local users to obtain LocalSystem privileges via a Trojan horse file.

Exploits (1)

exploitdb WRITEUP
by Information Paradox · text · local · windows
https://www.exploit-db.com/exploits/35395

Classification
Writeup 100%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: CCH Wolters Kluwer PFX Engagement <= v7.1
Auth required
Prerequisites: Authenticated user access to the system · Presence of vulnerable CCH Wolters Kluwer PFX Engagement installation
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0164
EPSS Percentile 73.4%

Details

CWE: CWE-264
Status: published
Products (1): cchgroup/prosystem_fx_engagement < 7.1
Published: Dec 02, 2014
Tracked Since: Feb 18, 2026