CVE-2014-4115

fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka "Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability."

Published: Oct 15, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-4115
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
microsoft / windows_server_2003	-	-
microsoft / windows_vista	-	-
microsoft / windows_server_2008	-	-

http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx
http://secunia.com/advisories/60975
http://www.securityfocus.com/bid/70343
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-063

Vulnerability Database

289,599

CVE-2014-4115