CVE-2014-9113 in ProSystem fx Engagementinfo

Summary

CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\, which allows local users to obtain LocalSystem privileges via a Trojan horse file.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsible

Reservation

11/26/2014

Disclosure

12/02/2014

Moderation

VulDB entry created

Entries

VDB-73054

CPE

ready

CWE

CWE-264 (Confirmed)

Exploit

Download

CVSS

8.4

EPSS

0.01522

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-9113
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-9113
CVE Details	https://www.cvedetails.com/cve/CVE-2014-9113/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!