Privilege escalation in CodeMeter Runtime - CVE-2014-8419

 

Published: May 17, 2018


Vulnerability identifier: #VU12809
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear
CVE-ID: CVE-2014-8419
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Wibu Systems
Affected software:
CodeMeter Runtime

Detailed vulnerability description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists because codemeter.exe is installed with weak permissions under the default settings. A local attacker can use the resulting read and write access to plant a specially crafted Trojan horse file and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

How to mitigate CVE-2014-8419

Update to version 5.20.
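
To confirm a host is no longer exposed, the following PowerShell script audits the permissions on codemeter.exe and reports whether the binary is at least version 5.20. It is an added example, not part of the original advisory or of Wibu Systems' tooling. The install path is a parameter because the advisory does not state it; the list of trusted SIDs and the use of the file version resource as the Runtime version are assumptions.

```powershell
# Added example: audit codemeter.exe for write-capable ACEs held by untrusted principals.
param(
    # The advisory does not give the install path; supply it for your host.
    [Parameter(Mandatory = $true)]
    [string]$Path
)

# Rights that allow replacing or modifying the binary, or rewriting its ACL.
# Modify and FullControl include WriteData, so the bitmask test catches them too.
$named = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) can appear unmapped in an ACE.
$writeMask = [int]$named -bor 0x10000000 -bor 0x40000000

# Assumption: only these well-known SIDs should be able to write to a service binary.
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

$file    = Get-Item -LiteralPath $Path -ErrorAction Stop
$acl     = Get-Acl -LiteralPath $file.FullName
$sidType = [System.Security.Principal.SecurityIdentifier]

$weakAces = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
    $sid = $ace.IdentityReference
    if ($trustedSids -contains $sid.Value) { continue }
    # Resolve the SID to a name where possible; orphaned SIDs stay as SIDs.
    try { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = $sid.Value }
    [pscustomobject]@{
        Principal = $name
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
    }
}

# Assumption: the file version resource tracks the Runtime version (fixed in 5.20).
$vi = $file.VersionInfo
$atLeastFixed = ($vi.FileMajorPart -gt 5) -or
                ($vi.FileMajorPart -eq 5 -and $vi.FileMinorPart -ge 20)

[pscustomobject]@{
    Path         = $file.FullName
    FileVersion  = $vi.FileVersion
    AtLeast_5_20 = $atLeastFixed
    WeakAceCount = @($weakAces).Count
    WeakAces     = $weakAces
}
```

A non-zero `WeakAceCount` means a principal outside the trusted list can modify the binary; entries with `Inherited` set to true point to the parent directory's ACL as the place to correct.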
