1 Threat card and introduction
CVE-2014-4114 is an arbitrary code execution vulnerability involving INF files in the OLE Package Manager. It affects Windows Vista, Windows 7 and later operating systems, and attackers used PowerPoint as the attack vector. The vulnerability lies in the OLE Package Manager of Microsoft Windows and Windows Server: the OLE packaging component, packager.dll, can download and execute an external file such as an INF file, allowing the attacker to execute commands.
2 Vulnerability principle
We first obtain the sample with MD5 hash 330e8d23ab82e8a0ca6d166755408eb1 for analysis.
Using an analysis tool, we can see that two OLE objects are embedded in this file, as follows:
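The listing below is an added example for triage, not the analysis tool's output and not code from the original article. It lists the embedded OLE parts of a presentation and flags any that reference an external .inf file. It assumes the presentation is an OOXML (.pptx/.ppsx) ZIP container with objects under `ppt/embeddings/`; the function names, the sample file and the 198.51.100.7 address are constructed for illustration.

```python
import io
import re
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound-file signature
EMBED_DIR = "ppt/embeddings/"  # assumption: OOXML (.pptx/.ppsx) container
ASCII_STR = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_STR = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
INF_REF = re.compile(r"[^\s\"'<>|]+\.inf\b", re.I)

def strings(blob):
    """Yield printable ASCII and UTF-16LE strings from a binary blob."""
    for m in ASCII_STR.finditer(blob):
        yield m.group().decode("ascii")
    for m in UTF16_STR.finditer(blob):
        yield m.group().decode("utf-16-le")

def scan_presentation(data):
    """Report each embedded object and any .inf file it references."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in sorted(zf.namelist()):
            if not name.startswith(EMBED_DIR):
                continue
            blob = zf.read(name)
            infs = sorted({ref for s in strings(blob) for ref in INF_REF.findall(s)})
            findings.append({
                "part": name,
                "is_ole": blob.startswith(OLE_MAGIC),
                "inf_refs": infs,
                # UNC path or URL: the .inf would be fetched from another host
                "remote_inf": any(p.startswith("\\\\") or "://" in p for p in infs),
            })
    return findings

def build_sample():
    """Constructed, inert test input: two embedded parts, one naming a remote .inf."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(EMBED_DIR + "oleObject1.bin", OLE_MAGIC + b"\x00" * 64
                    + b"\\\\198.51.100.7\\share\\example.inf\x00")
        zf.writestr(EMBED_DIR + "oleObject2.bin", OLE_MAGIC + b"\x00" * 64
                    + b"C:\\Temp\\picture.gif\x00")
        zf.writestr("ppt/presentation.xml", "<p/>")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_presentation(build_sample()):
        print(finding)
```

A part with `remote_inf` set to true is the one to pull out for closer inspection; the string scan is a heuristic and does not parse the OLE stream structure.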