Published: 22/10/2014 Updated: 20/12/2024

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote malicious users to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 7 -
microsoft windows 8 -
microsoft windows 8.1 -
microsoft windows rt -
microsoft windows rt 8.1 -
microsoft windows server 2008 -
microsoft windows server 2008 r2
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows vista -

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly exploited in the wild as MS14-060 patch bypass The Microsoft update tried to fix the vulnerability publicly known as "Sandworm" Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server ...

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT include Msf::Exploit::EXE def initialize(info={}) super(update_info(info, ...

#!/usr/bin/env python import os import zipfile import sys ''' Full Exploit: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35019targz Very quick and ugly [SandWorm CVE-2014-4114] exploit builder Exploit Title: CVE-2014-4114 SandWorm builder Built to run on: Linux/MacOSX Date: 17/10/2014 Exploit Author: Vlad O ...

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT include Msf::Exploit::EXE def initialize(info={}) super(update_info(info, ...

# !/usr/bin/python # Windows OLE RCE Exploit MS14-060 (CVE-2014-4114) Sandworm # Author: Mike Czumak (T_v3rn1x) - @SecuritySift # Written: 10/21/2014 # Tested Platform(s): Windows 7 SP1 (w/ exploit script run on Kali Linux) # You are free to reuse this code in part or in whole with the exception of commercial applications # For a demo of this Po ...

# # Full exploit: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35216rar # #CVE-2014-6352 OLE Remote Code Execution #Author Abhishek Lyall - abhilyall[at]gmail[dot]com, info[at]aslitsecurity[dot]com #Advanced Hacking Trainings - trainingaslitsecuritycom #Web - wwwaslitsecuritycom/ #Blog - http ...

IT threat evolution Q3 2016

Securelist • David Emm • 03 Nov 2016

Statistics Download the full report (PDF) Targeted attack campaigns don’t need to be technically advanced in order to be successful. In July 2016 we reported on a group called Dropping Elephant (also known as ‘Chinastrats’ and ‘Patchwork’). Using a combination of social engineering, old exploit code and some PowerShell-based malware this group was able to steal sensitive data from its victims. This group, which has been active since November 2015, targets high profile diplomatic and ...

The Register • Darren Pauli • 11 Aug 2016

Gang has cunning way of hiding itself by using multiple names

Suspected hackers based in India have compromised thousands of computers, going about their business as far back as 2013. The group has been rumbled by three security firms over that time, but was until now considered to be several discrete entities. Now Forcepoint researchers Andy Settle, Nicholas Griffin, and Abel Toro say the Monsoon group, dubbed previously as Patchwork APT, Dropping Elephant, and Operation Hangover, has used spear phishing emails to effectively target organisations with inf...

Securelist • GReAT • 08 Jul 2016

Dropping Elephant (also known as “Chinastrats” and “Patchwork“) is a relatively new threat actor that is targeting a variety of high profile diplomatic and economic targets using a custom set of attack tools. Its victims are all involved with China’s foreign relations in some way, and are generally caught through spear-phishing or watering hole attacks. Overall, the activities of this actor show that low investment and ready-made offensive toolsets can be very effective when combined ...

The Register • John Leyden • 22 Oct 2014

Might put out patch in update, might chuck it out sooner

Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn. An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003 and has already been abused in "limited, targeted attacks". The bug (CVE-2014-6352) can be triggered by sending a specially crafted Microsoft Office files to intended targets before tricking them into opening the booby-trapped fi...

CVE-2014-6352

Vulnerability Summary

Vulnerability Trend

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect