Vulnerability Details : CVE-2014-4114
Public exploit exists!
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
Vulnerability category: Execute code
Products affected by CVE-2014-4114
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
CVE-2014-4114 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2014-4114
Added on
2022-03-03
Action due date
2022-03-24
Exploit prediction scoring system (EPSS) score for CVE-2014-4114
96.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-4114
-
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Disclosure Date: 2014-10-14First seen: 2020-04-26exploit/windows/fileformat/ms14_060_sandwormThis module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulner
CVSS scores for CVE-2014-4114
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-07-16 |
References for CVE-2014-4114
-
http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerability-cve-2014-4114-aka-sandworm/
An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka "Sandworm" - TrendLabs Security Intelligence BlogExploit
-
http://www.exploit-db.com/exploits/35019
Microsoft Windows - OLE Package Manager SandWorm - Windows local ExploitExploit;Third Party Advisory;VDB Entry
-
http://www.exploit-db.com/exploits/35055
Microsoft Windows - OLE Remote Code Execution 'Sandworm' (MS14-060) - Windows remote ExploitExploit;Third Party Advisory;VDB Entry
-
http://www.isightpartners.com/2014/10/cve-2014-4114/
Threat Intelligence Subscriptions | FireEyeBroken Link
-
http://osvdb.org/show/osvdb/113140
Broken Link
-
http://secunia.com/advisories/60972
Sign inBroken Link
-
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx
Assessing Risk for the October 2014 Security Updates – Microsoft Security Response CenterBroken Link;Vendor Advisory
-
http://www.exploit-db.com/exploits/35020
Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit) - Windows_x86 local ExploitExploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/70419
Microsoft Windows CVE-2014-4114 OLE Package Manager Remote Code Execution VulnerabilityBroken Link;Third Party Advisory;VDB Entry
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-060
Microsoft Security Bulletin MS14-060 - Important | Microsoft DocsPatch;Vendor Advisory
Jump to