Weak Service Permissions in Wibu-Systems CodeMeter Runtime
CVE-2014-8419

Currently unrated

Key Information:

Vendor: Wibu
Status: Codemeter Runtime
Vendor: CVE Published:; 26 November 2014

What is CVE-2014-8419?

The Wibu-Systems CodeMeter Runtime versions before 5.20 are vulnerable to privilege escalation due to improper permissions set on codemeter.exe. The executable file is accessible for read and write operations by all users, which can lead to exploitation via the introduction of Trojan horse files. Local users could leverage this weakness to gain elevated privileges, posing significant security risks. Organizations utilizing this runtime environment should prioritize updating to the latest version and implementing strict permission settings to mitigate potential threats.

References

http://packetstormsecurity.com/files/129234/CodeMeter-Wea...

x_refsource_MISC

http://www.securityfocus.com/archive/1/534079/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 26, 2014
Vulnerability Reserved
Oct 22, 2014