9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.7%
Name | sandworm |
---|---|
CVE | CVE-2014-4114 Exploit Pack |
Notes: This exploit creates a blank PPSX file (Powerpoint show presentation), to use it you just have to add some stuff to the blank file with Powerpoint (MS Office 2010-2013).The PPSX contains two embedded OLE objects.The first object is the executable shellcode (PE .exe) with gif extension and the second one is a INF file. It looks like there is an issue with the handling of INF files. When a link to an INF file is inserted into a PPSX file, it is opened and immediately executed through the INF Default Install (InfDefaultInstall.exe) program.This vulnerability is a logic fault. The INF file rename the first embedded OLE object to .exe and add it to the registry. This PPSX may be served to vulnerable MS Office 2010 SP2 and 2013 installations on Windows 7 and will execute the embedded INF file without further user interaction on opening of the PPSX. | |
VENDOR: Microsoft | |
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4114 | |
CVE Name: CVE-2014-4114 |