CVE-2014-4114

Published: 15/10/2014 Updated: 12/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 961
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote malicious users to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."

Vulnerable Product

microsoft windows vista

microsoft windows server 2008

microsoft windows rt -

microsoft windows 8.1 -

microsoft windows 8 -

microsoft windows server 2008 r2

microsoft windows 7 -

microsoft windows server 2012 -

microsoft windows server 2012 r2

microsoft windows rt 8.1 -

Exploits

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, bypassing the patch MS14-060, for the vulnerability publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to b ...
This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable ...
## # This module requires Metasploit: http://metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT include Msf::Exploit::EXE def initialize(info={}) super(update_info(info, ...
# !/usr/bin/python # Windows OLE RCE Exploit MS14-060 (CVE-2014-4114) – Sandworm # Author: Mike Czumak (T_v3rn1x) - @SecuritySift # Written: 10/21/2014 # Tested Platform(s): Windows 7 SP1 (w/ exploit script run on Kali Linux) # You are free to reuse this code in part or in whole with the exception of commercial applications # For a demo of this Po ...
#!/usr/bin/env python import os import zipfile import sys ''' Full Exploit: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35019targz Very quick and ugly [SandWorm CVE-2014-4114] exploit builder Exploit Title: CVE-2014-4114 SandWorm builder Built to run on: Linux/MacOSX Date: 17/10/2014 Exploit Author: Vlad O ...
# # Full exploit: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35216rar # #CVE-2014-6352 OLE Remote Code Execution #Author Abhishek Lyall - abhilyall[at]gmail[dot]com, info[at]aslitsecurity[dot]com #Advanced Hacking Trainings - trainingaslitsecuritycom #Web - wwwaslitsecuritycom/ #Blog - http ...

Github Repositories

PoC collection

PoC Collection Index: CVE-2014-4114 -- PowerPoint RCE; CVE-2014-6271 -- Shell Shock; CVE-2014-6332 -- VBScript RCE in IE; CVE-2015-1328 -- Ubuntu local root exploit

Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).

Threat INTel Reports: Archive of publicly available threat/cybercrime INTel reports (mostly APT Reports but not limited to). Useful as a reference when you emulate threat actors on a daily basis. Please create an issue if I'm missing a relevant Report. Note: If you are looking for every type of publicly available documents and notes related to APTs have a look at APTnotes a

Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).

Threat INTel Reports: Archive of publicly available threat/cybercrime INTel reports (mostly APT Reports but not limited to). Useful as a reference when you emulate/simulate threat actors on a daily basis, or you are interested in TTPs/IOCs. Please create an issue if I'm missing a relevant Report. Hint: If you are looking for every type of publicly available documents and no

Recent Articles

Copy paste slacker hackers pop corp locks in ode to stolen code
The Register • Darren Pauli • 08 Jul 2016

Github, your ticket to world domination

The ultimate copy paste slacker hacker group has busted security controls in some 2500 corporates and government agencies using nothing but stolen code. The targets focus on those affiliated with military and political assignments around Southeast Asia and the contentious South China Sea, and may have been compromised in a little over six months. The group dubbed Patchwork for its use of multiple proof-of-concept and tools is detailed by researchers with Israeli deceptive infosec firm Cymmetria ...

The ULTIMATE CRUELTY: Sandworm uses PowerPoint against Swiss bank customers
The Register • John Leyden • 30 Oct 2014

From espionage to cybercrime

The Sandworm vulnerability is being actively abused to attack Swiss banking customers, Danish security consultancy CSIS has warned. CSIS reports that the attacks are pushing the latest version of the Dyre banking trojan. Attacks arrive as spam emails under the guise of information about unpaid invoices. In reality the PowerPoint attachment to these messages is booby-trapped to exploit the Sandworm vulnerability and infect insecure Windows PCs. Sandworm first reared its ugly head earlier this mon...

DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
The Register • John Leyden • 22 Oct 2014

Might put out patch in update, might chuck it out sooner

Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn. An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003 and has already been abused in "limited, targeted attacks". The bug (CVE-2014-6352) can be triggered by sending specially crafted Microsoft Office files to intended targets before tricking them into opening the booby-trapped fi...

Microsoft Security Updates October 2014
Securelist • Kurt Baumgartner • 14 Oct 2014

Update (2014.10.15) – administrative notes for preparation… Friends on Twitter let me know their update cycle took close to 20 minutes on Windows 7. Yesterday, others on 8.1 told me their update download was around a gig, for some it was ~200 mb. Also, this cycle likely requires everyone a reboot to complete. ******* This morning was possibly one of the most information rich in the history of Microsoft’s patch Tuesdays. Last month, we pointed out the Aurora Panda/DeputyDog actor was l...

Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
The Register • Simon Sharwood • 14 Oct 2014

Fix imminent from Microsoft for Vista, Server 2008, other stuff

Russian hackers have exploited a zero-day vulnerability in Microsoft Windows to hijack and snoop on PCs and servers used by NATO and the European Union, says security biz iSight. The software flaw is present in desktop and server flavors of the Redmond operating system, from Vista and Server 2008 to current versions. No patch for the hole exists yet, but is expected to be fixed in today's Patch Tuesday update from Microsoft. iSight has dubbed the vulnerability (CVE-2014-4114) “SandWorm”, an...