Immunity Canvas: SANDWORM

2014-10-15 10:55:00
Immunity Canvas
exploitlist.immunityinc.com
CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.97 High
Percentile: 99.7%

Name sandworm
CVE CVE-2014-4114 Exploit Pack
Notes: This exploit creates a blank PPSX file (PowerPoint Show presentation); to use it, you just have to add some content to the blank file with PowerPoint (MS Office 2010-2013). The PPSX contains two embedded OLE objects. The first object is the executable shellcode (PE .exe) with a .gif extension, and the second is an INF file. There appears to be an issue with the handling of INF files: when a link to an INF file is inserted into a PPSX file, it is opened and immediately executed through the INF Default Install (InfDefaultInstall.exe) program. This vulnerability is a logic fault. The INF file renames the first embedded OLE object to .exe and adds it to the registry. This PPSX may be served to vulnerable MS Office 2010 SP2 and 2013 installations on Windows 7 and will execute the embedded INF file without further user interaction when the PPSX is opened.
VENDOR: Microsoft
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4114
CVE Name: CVE-2014-4114
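
A defender-side triage check for the structure the notes describe, as an added example that is not part of the original entry or of Immunity's code: it lists the embedded objects in a PPSX package that carry a reference to an INF file. The `ppt/embeddings/` location, the function names and the sample bytes are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: PowerPoint packages store embedded OLE objects under this path.
EMBED_PREFIX = "ppt/embeddings/"
# A path-like run of characters ending in ".inf" (not ".info", ".infra", ...).
INF_REF = re.compile(r"[A-Za-z0-9_\\/.:$ -]{1,260}\.inf\b", re.I | re.A)


def find_inf_refs(blob: bytes) -> set:
    """Return INF file references stored as ASCII or UTF-16LE in raw bytes."""
    views = [blob.decode("latin-1")]
    # UTF-16LE strings can start at an even or an odd offset, so try both.
    for offset in (0, 1):
        views.append(blob[offset:].decode("utf-16-le", errors="ignore"))
    return {m.group(0) for text in views for m in INF_REF.finditer(text)}


def scan_ppsx(data: bytes) -> dict:
    """Map each embedded object in a PPSX/PPTX to the INF references it holds."""
    findings = {}
    try:
        package = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not an OOXML package; nothing to inspect
    with package:
        for name in package.namelist():
            if name.lower().startswith(EMBED_PREFIX):
                refs = find_inf_refs(package.read(name))
                if refs:
                    findings[name] = sorted(refs)
    return findings


def build_sample(objects: dict) -> bytes:
    """Constructed test input: a ZIP holding only the given embedded objects."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, blob in objects.items():
            zf.writestr(EMBED_PREFIX + name, blob)
    return buf.getvalue()


# Constructed byte strings, not real OLE objects: only the name strings matter.
SUSPECT = build_sample({
    "oleObject1.bin": b"\x02\x00C:\\constructed\\sample.gif\x00",
    "oleObject2.bin": b"\x01" + "C:\\constructed\\setup.inf".encode("utf-16-le"),
})
BENIGN = build_sample({"oleObject1.bin": b"\x02\x00notes.information.txt\x00"})

if __name__ == "__main__":
    print(scan_ppsx(SUSPECT), scan_ppsx(BENIGN))
```

A hit is a reason to inspect the file, not a verdict: the check only looks for the file-name string and does not parse the OLE structure.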
