CVE-2014-0315

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows Server 2008; Windows Server 2012; Windows Rt
Vendor: CVE Published:; 8 April 2014

Summary

Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability."

References

http://blogs.technet.com/b/srd/archive/2014/04/08/ms14-01...

x_refsource_CONFIRM

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://seclists.org/fulldisclosure/2020/Jul/33

mailing-listx_refsource_FULLDISC

EPSS Score

91% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 8, 2014
Vulnerability Reserved
Dec 3, 2013

Collectors

NVD DatabaseMitre Database