Description
The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
Exploits (1)
exploitdb
WRITEUP
by Information Paradox · textlocalwindows
https://www.exploit-db.com/exploits/35423
References (2)
Core 2
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/35423
Various Sources x_refsource_misc
http://www.information-paradox.net/2014/12/cve-2014-9141-thomson-reuters-fixed.html
Scores
EPSS
0.0030
EPSS Percentile
53.5%
Details
CWE
CWE-264
Status
published
Products (1)
thomsonreuters/fixed_assets_cs
< 13.1.4
Published
Dec 03, 2014
Tracked Since
Feb 18, 2026