Untrusted Search Path Vulnerability in Microsoft Windows Products
CVE-2014-0315

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows Server 2008; Windows Server 2012; Windows Rt
Vendor: CVE Published:; 8 April 2014

Summary

This vulnerability in Microsoft Windows allows local users to exploit a flaw in the file handling mechanism, specifically through placing a malicious cmd.exe file in the current working directory. When the system executes commands, it may inadvertently launch the manipulated cmd.exe, enabling unauthorized actions and privilege escalation. The issue is present across multiple Windows versions, creating a potential risk for systems still operating on these platforms.

References

http://blogs.technet.com/b/srd/archive/2014/04/08/ms14-01...

x_refsource_CONFIRM

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://seclists.org/fulldisclosure/2020/Jul/33

mailing-listx_refsource_FULLDISC

EPSS Score

29% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 8, 2014
Vulnerability Reserved
Dec 3, 2013