CVE-2014-4115

fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka "Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability."

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx	Vendor Advisory
http://secunia.com/advisories/60975
http://www.securityfocus.com/bid/70343
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-063
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx	Vendor Advisory
http://secunia.com/advisories/60975
http://www.securityfocus.com/bid/70343
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-063

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008::sp2::::::*
	cpe:2.3:o:microsoft:windows_vista::sp2::::::*

History

No history.

Information

Published : 2014-10-15 10:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-4115

Mitre link : CVE-2014-4115

CVE.ORG link : CVE-2014-4115

JSON object : View

Products Affected

microsoft

windows_server_2008
windows_server_2003
windows_vista

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2014-4115", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-15T10:55:07.863", "references": [{"url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/60975", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/70343", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-063", "source": "secure@microsoft.com"}, {"url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/60975", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/70343", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-063", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka \"Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability.\""}, {"lang": "es", "value": "fastfat.sys (tambi\u00e9n conocido como the FASTFAT driver) en los controladores de modo de kernel en Microsoft Windows Server 2003 SP2, Vista SP2, y Server 2008 SP2 no asigna debidamente la memoria, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (escritura de memoria reservada) mediante la conexi\u00f3n de un dispositivo USB manipulado, tambi\u00e9n conocido como 'vulnerabilidad de la elevaci\u00f3n de privilegios del controlador de la partici\u00f3n de del disco de Microsoft Windows.'"}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}