← back
CVE-2014-4114

CVE-2014-4114

CVSS 7.8 HIGHEPSS 81.6%● KEV
In short

A flaw in Windows allows attackers to run malicious code by embedding a specially crafted object in Office documents (like Word or Excel). When someone opens the document, the code executes automatically without needing additional user actions.

Technical detail

Remote code execution vulnerability in Windows OLE (Object Linking and Embedding) handling affecting multiple OS versions. Attack vector is user interaction with Office documents containing malicious OLE objects; execution occurs in the security context of the user opening the file. Impacts confidentiality, integrity, and availability through arbitrary code execution.

Summary generated and translated by AI from the official description.
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found10
githubgithub.com/gousseine-systems/vuln-rabilit-windows70cve_referencewww.exploit-db.com/exploits/35020unverifiedcve_referencewww.exploit-db.com/exploits/35055unverifiedexploitdbwww.exploit-db.com/exploits/35216unverifiedexploitdbwww.exploit-db.com/exploits/35236unverifiedexploitdbwww.exploit-db.com/exploits/35235unverifiedexploitdbwww.exploit-db.com/exploits/35019unverifiedexploitdbwww.exploit-db.com/exploits/35055unverifiedcve_referencewww.exploit-db.com/exploits/35019unverifiedexploitdbwww.exploit-db.com/exploits/35020unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspxhttp://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerability-cve-2014-4114-aka-sandworm/http://osvdb.org/show/osvdb/113140https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-060http://secunia.com/advisories/60972https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-4114http://www.exploit-db.com/exploits/35019http://www.exploit-db.com/exploits/35020http://www.exploit-db.com/exploits/35055http://www.isightpartners.com/2014/10/cve-2014-4114/http://www.securityfocus.com/bid/70419