CVE-2014-4115 - Resource Management Errors vulnerability in Microsoft products

CVSS 7.2 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: local, low complexity, microsoft, CWE-399, nessus

Summary

fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka "Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability."

Vulnerable Configurations

Part    Description    Count
OS      Microsoft      3

Common Weakness Enumeration (CWE)

Msbulletin

bulletin_id: MS14-063
bulletin_url:
date: 2014-10-14T00:00:00
impact: Elevation of Privilege
knowledgebase_id: 2998579
knowledgebase_url:
severity: Important
title: Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS14-063.NASL
description: The remote Windows host is affected by a privilege escalation vulnerability that is due to the way the Windows FASTFAT system driver interacts with FAT32 disk partitions. An attacker can exploit this vulnerability to execute arbitrary code with elevated privileges.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78439
published: 2014-10-15
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/78439
title: MS14-063: Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)

Talos

id: VRT-2014-0301
last seen: 2019-05-29
published: 2014-03-07
reporter: Talos Intelligence
source: http://www.talosintelligence.com/vulnerability_reports/VRT-2014-0301
title: Microsoft Windows FastFAT NumberOfFATs Buffer Overflow Vulnerability