CVE-2014-0315

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions XP SP2 through XP SP3 Microsoft Windows Server versions 2003 SP2 through 2008 SP2 and 2008 R2 SP1 Microsoft Windows versions Vista SP2 through 8.1 Microsoft Windows Server versions 2012 through 2012 R2 Microsoft Windows RT versions Gold through 8.1

Description The issue allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory. This can be demonstrated by a directory that contains a .bat or .cmd file. The vulnerability is related to the handling of .bat and .cmd files launched from an external network, which can be exploited to gain full control over the system. This allows an attacker to install programs, view, modify, or delete data, and create new accounts with full user rights. Users with limited system rights are less exposed to this issue than users working with administrator rights.

Recommendations For Microsoft Windows XP SP2 and SP3, consider disabling the execution of .bat and .cmd files from external sources until a fix is available. For Microsoft Windows Server 2003 SP2, restrict access to the cmd.exe file to minimize the risk of exploitation. For Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1, avoid using .bat and .cmd files from untrusted sources. For Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, apply configuration changes to limit the execution of external .bat and .cmd files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.