PT-2014-8833 · Wolters Kluwer · Cch Wolters Kluwer Prosystem Fx Engagement

Singularitysec · Published 2014-12-02 · Updated 2014-12-15 · CVE-2014-9113

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) versions 7.1 and earlier

Description

The issue concerns weak permissions for certain service files, specifically Pfx.Engagement.WcfServices, PFXEngDesktopService, PFXSYNPFTService, and P2EWinService, which are set to allow Authenticated Users to modify and write. This weakness can be exploited by local users to gain LocalSystem privileges through the use of a Trojan horse file.

Recommendations

For versions 7.1 and earlier, consider restricting the permissions of the service files Pfx.Engagement.WcfServices, PFXEngDesktopService, PFXSYNPFTService, and P2EWinService to prevent unauthorized modifications. As a temporary workaround, monitor these files closely for any suspicious activity until a more permanent solution is available.
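
One way to audit the permissions described above, as an added example that is not part of the original advisory or the vendor's tooling. It assumes the four names are registered Windows service names, reads each binary path from the service configuration instead of hard-coding it, and goes beyond the advisory by also checking the containing folder and other broad groups besides Authenticated Users.

```powershell
# Added example. Assumption: the advisory's four names are Windows service names.
$serviceNames = 'Pfx.Engagement.WcfServices', 'PFXEngDesktopService',
                'PFXSYNPFTService', 'P2EWinService'

# Broad principals, keyed by well-known SID so localized names do not matter.
$broadSids = @{
    'S-1-5-11'     = 'Authenticated Users'   # the group named in the advisory
    'S-1-5-32-545' = 'BUILTIN\Users'         # extra check, not in the advisory
    'S-1-1-0'      = 'Everyone'              # extra check, not in the advisory
}

# Individual bits that allow changing or replacing a file. Modify and Write are
# not used directly because Modify also contains read bits.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function Get-ServiceBinaryPath([string]$PathName) {
    # PathName may be quoted and may carry arguments after the executable.
    if ($PathName -match '^\s*"([^"]+)"')          { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)')   { return $Matches[1] }
    return $null
}

$services = Get-CimInstance Win32_Service | Where-Object { $serviceNames -contains $_.Name }
foreach ($svc in $services) {
    $binary = Get-ServiceBinaryPath $svc.PathName
    if (-not $binary -or -not (Test-Path -LiteralPath $binary)) {
        Write-Warning "Cannot resolve binary for $($svc.Name): $($svc.PathName)"
        continue
    }
    # Audit the binary and its parent folder (folder check is an extra step).
    foreach ($target in $binary, (Split-Path -Parent $binary)) {
        $acl = Get-Acl -LiteralPath $target
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            $writable = ([int]$rule.FileSystemRights -band $writeBits) -ne 0
            if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and $writable) {
                [pscustomobject]@{
                    Service   = $svc.Name
                    RunsAs    = $svc.StartName
                    Path      = $target
                    Principal = $broadSids[$sid]
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}
```

Each row returned is an access rule to tighten; an empty result means none of the listed groups holds write-type rights on the resolved service binaries or their folders.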


Related Identifiers

CVE-2014-9113

Affected Products

Cch Wolters Kluwer Prosystem Fx Engagement