CVE-2014-4115

Published: Oct 15, 2014Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka "Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability."

Affected (3)

Products: Microsoft: Windows Server 2003, Windows Server 2008, Windows Vista

3 products

Windows Server 2003

Windows Server 2008

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions

Related CWEs

References (8)

http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx

Source: secure@microsoft.com

Vendor Advisory

http://secunia.com/advisories/60975

Source: secure@microsoft.com

http://www.securityfocus.com/bid/70343

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-063

Source: secure@microsoft.com

http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/60975

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/70343

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-063

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.