CVE Vulnerabilities

CVE-2014-1807

Published: May 14, 2014 | Modified: May 15, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local users to gain privileges via a crafted application, as exploited in the wild in May 2014, aka Windows Shell File Association Vulnerability.

Affected Software

Name Vendor Start Version End Version
Windows_7 Microsoft –sp1 (including) –sp1 (including)
Windows_8 Microsoft - (including) - (including)
Windows_8.1 Microsoft - (including) - (including)
Windows_rt Microsoft - (including) - (including)
Windows_rt_8.1 Microsoft - (including) - (including)
Windows_server_2003 Microsoft –sp2 (including) –sp2 (including)
Windows_server_2008 Microsoft –sp2 (including) –sp2 (including)
Windows_server_2008 Microsoft r2-sp1 (including) r2-sp1 (including)
Windows_server_2012 Microsoft - (including) - (including)
Windows_server_2012 Microsoft r2 (including) r2 (including)
Windows_vista Microsoft –sp2 (including) –sp2 (including)

References