Vulnerability Details : CVE-2014-4114
Public exploit exists!
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
Vulnerability category: Input validationExecute code
CVE-2014-4114 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.
Added on
2022-03-03
Action due date
2022-03-24
Exploit prediction scoring system (EPSS) score for CVE-2014-4114
Probability of exploitation activity in the next 30 days: 97.00%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2014-4114
-
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Disclosure Date: 2014-10-14First seen: 2020-04-26exploit/windows/fileformat/ms14_060_sandwormThis module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulner
CVSS scores for CVE-2014-4114
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2014-4114
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4114
-
http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerability-cve-2014-4114-aka-sandworm/
An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka "Sandworm" - TrendLabs Security Intelligence BlogExploit
-
http://www.exploit-db.com/exploits/35019
Microsoft Windows - OLE Package Manager SandWorm - Windows local ExploitExploit
-
http://www.exploit-db.com/exploits/35055
Microsoft Windows - OLE Remote Code Execution 'Sandworm' (MS14-060) - Windows remote ExploitExploit
-
http://www.isightpartners.com/2014/10/cve-2014-4114/
Threat Intelligence Subscriptions | FireEye
-
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx
Assessing Risk for the October 2014 Security Updates – Microsoft Security Response CenterVendor Advisory
-
http://www.exploit-db.com/exploits/35020
Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit) - Windows_x86 local Exploit
-
http://www.securityfocus.com/bid/70419
Microsoft Windows CVE-2014-4114 OLE Package Manager Remote Code Execution Vulnerability
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-060
Microsoft Security Bulletin MS14-060 - Important | Microsoft Docs
Products affected by CVE-2014-4114
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt:-:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*