19 matches found
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types a...
Microsoft-Office-2007-and-2010---OLE-Arbitrary-Command-Execution
CVE-2014-6352 OLE Remote Code Execution Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking Trainings - http://training.aslitsecurity.com Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Tested on win7 - office 2007 and 2010...
MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python", 'Description' = %q This module exploits a vulnerabilit...
Microsoft Windows - OLE Package Manager Code Execution (MS14-064) (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-064 Microsoft Windows OLE Package Manager Code Execution", 'Description' = %q This module exploits a vulnerability found in...
Microsoft Office 20072010 - OLE Arbitrary Command Execution
Microsoft Office 20072010 - OLE Arbitrary Command Execution Full exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35216.rar CVE-2014-6352 OLE Remote Code Execution Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking...
MS Office 2007 and 2010 - OLE Arbitrary Command Execution Exploit
Microsoft Office 2007 and 2010 OLE arbitrary command execution exploit. This exploit will not give a UAC warning. No .inf file is required in this exploit. The size of the executable payload should be less than 400kb. Python 2.7 is required. Full exploit: http://www.exploit-db.com/sploits/35216.r...
Microsoft Office 2007/2010 - OLE Arbitrary Command Execution
Full exploit: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/35216.rar CVE-2014-6352 OLE Remote Code Execution Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking Trainings - http://training.aslitsecurity.com Web -...
Microsoft Windows OLE Object Handling Code Execution Vulnerabilities (3011443)
This host is missing a critical security update according to Microsoft Bulletin MS14-064. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MS14-064: Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
The remote Windows host is affected by multiple vulnerabilities : - A remote code execution vulnerability due to Internet Explorer improperly handling access to objects in memory. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website in Interne...
CVE-2014-6352
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted...
CVE-2014-6352
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted...
CVE-2014-6352
CVE-2014-6352 is an OLE remote code execution vulnerability in Microsoft Windows where a crafted OLE object can trigger arbitrary code execution. The issue affected Windows Vista SP2, Windows 7 SP1, Windows 8/8.1, Windows Server 2008/2012 variants, and Windows RT, with public exploitation reporte...
CVE-2014-6352
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted...
Microsoft Releases Advisory for Unpatched Windows Vulnerability
Microsoft has released a security advisory to provide recommended mitigations for an unpatched vulnerability, CVE-2014-6352 which affects all Microsoft Windows releases except Windows Server 2003. This vulnerability could allow an attacker to take control of an affected system if a user opens a...
VulnCheck KEV: CVE-2014-6352
Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object...
MS KB3010060: Vulnerability in Microsoft OLE Could Allow Remote Code Execution (deprecated)
The remote host is missing one of the workarounds referenced in Microsoft Security Advisory 3010060. The version of Microsoft Office installed on the remote host is affected by a remote code execution vulnerability due to a flaw in the OLE package manager. A remote attacker can exploit this...
CVE-2014-6352
creationtimestamp| type| source ---|---|--- 2014-10-20 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/35020 2014-10-28 09:39:41+00:00| seen| MISP/544f6415-0364-486b-ac0e-4fe6950d210b 2014-11-13 08:13:18+00:00| seen| MISP/54646762-aac0-4921-87b2-1c4a950d210b 2014-11-14...
Microsoft Windows OLE Remote Code Execution (MS14-060) - ver 2 (CVE-2014-4114; CVE-2014-6352)
A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding OLE technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...
Microsoft Windows OLE Remote Code Execution (MS14-060; CVE-2014-4114; CVE-2014-6352)
A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding OLE technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...