CVE-2014-4115

2014-10-1510:55:07

CWE-399

[email protected]

web.nvd.nist.gov

fastfat

windows

arbitrary code execution

usb device

vulnerability

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.7%

JSON

fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka “Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_server_2003sp2

microsoftwindows_server_2008sp2

microsoftwindows_vistasp2

CPENameOperatorVersion
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_vistamicrosoft windows vistaeq*

CPE	Name	Operator	Version
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_vista	microsoft windows vista	eq	*