1. CVE-Search
  2. CVE-2014-4114
ID CVE-2014-4114
Summary Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 16-07-2024 - 17:23)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS14-060
bulletin_url
date 2014-10-14T00:00:00
impact Remote Code Execution
knowledgebase_id 3000869
knowledgebase_url
severity Important
title Vulnerability in Windows OLE Could Allow Remote Code Execution
refmap via4
bid 70419
confirm http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx
exploit-db
  • 35019
  • 35020
  • 35055
misc
osvdb 113140
secunia 60972
saint via4
bid 70419
description Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability
id win_patch_ms14060
osvdb 113140
title windows_ole_sandworm
type client
Last major update 16-07-2024 - 17:23
Published 15-10-2014 - 10:55
Last modified 16-07-2024 - 17:23
Back to Top