⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2014-1807Microsoft Windows Server 2008 vulnerability

CWE-2645 documents4 sources
Severity
7.2HIGHNVD
EPSS
3.1%
top 13.12%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Microsoft Windows Server 2008Microsoft Windows Server 2012
Timeline
PublishedMay 14
Latest updateMay 14

Description

The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local users to gain privileges via a crafted application, as exploited in the wild in May 2014, aka "Windows Shell File Association Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-cr6g-jxw7-2xjq: The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wind2022-05-14
VulnCheck
Windows Shell File Association Vulnerability2014

🕵️Threat Intelligence

2
Talos
Microsoft Update Tuesday May 2014: relatively light month2014-05-13
Talos
Microsoft Update Tuesday May 2014: relatively light month2014-05-13