Weak Permissions in Thomson Reuters Fixed Assets CS Installer

Weak Permissions in Thomson Reuters Fixed Assets CS Installer

CVE-2014-9141 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.

Learn more about our User Device Pen Test.