Vulnerability Description
fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka "Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Server 2003 | All versions |
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows Vista | All versions |
Related Weaknesses (CWE)
References
- http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october (Vendor Advisory)
- http://secunia.com/advisories/60975
- http://www.securityfocus.com/bid/70343
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-06
FAQ
What is CVE-2014-4115?
CVE-2014-4115 is a vulnerability with a CVSS score of 7.2 (HIGH). fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximat...
How severe is CVE-2014-4115?
CVE-2014-4115 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-4115?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista.