CVE-2014-1814 : The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo

The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that invokes the repair feature for a different application, aka "Windows Installer Repair Vulnerability."

Published 2014-08-12 21:55:07

Updated 2019-05-13 18:52:05

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-1814

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 27 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-1814

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2014-1814

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-1814

http://www.securityfocus.com/bid/69112

Microsoft Windows Installer Service CVE-2014-1814 Local Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry
http://secunia.com/advisories/60674

Sign in
Third Party Advisory
http://www.securitytracker.com/id/1030719

Microsoft Windows Installer Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker
Third Party Advisory;VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-049

Microsoft Security Bulletin MS14-049 - Important | Microsoft Docs
Patch;Vendor Advisory

Products affected by CVE-2014-1814

Microsoft » Windows Server 2003 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1 For Itanium
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1 For X64
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8 » Version: N/A
cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt » Version: N/A
cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-1814

Exploit prediction scoring system (EPSS) score for CVE-2014-1814

CVSS scores for CVE-2014-1814

CWE ids for CVE-2014-1814

References for CVE-2014-1814

Products affected by CVE-2014-1814