CVE-2014-9141

Thomson Reuters Fixed Assets CS <13.1.4 - Code Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9141. PoCs published by Information Paradox.

AI-analyzed exploit summary: This is a writeup describing a local privilege escalation vulnerability in Thomson Reuters Fixed Assets CS <=13.1.4. The vulnerability allows authenticated users to modify or replace an executable that runs at system startup, potentially escalating privileges to the highest privileged user level.

Description

The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.

Exploits (1)

exploitdb WRITEUP
by Information Paradox · text · local · windows
https://www.exploit-db.com/exploits/35423


Classification: Writeup 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Thomson Reuters Fixed Assets CS <=13.1.4
Auth required
Prerequisites: Authenticated user access · Ability to modify or replace the executable at C:\WinCSI\Tools\connectbgdl.exe
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References (2)
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/35423

Scores

EPSS 0.0121
EPSS Percentile 64.4%

Details

CWE: CWE-264
Status: published
Products (1): thomsonreuters/fixed_assets_cs < 13.1.4
Published: Dec 03, 2014
Tracked Since: Feb 18, 2026