MS14-064 Microsoft Windows OLE Package Manager Code Execution Exploit

This module exploits a vulnerability found in Windows Object Linking and Embedding OLE allowing arbitrary code execution, bypassing the patch MS14-060, for the vulnerability publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista SP2 all the way to Windows 8,...

Microsoft Windows - OLE Package Manager Code Execution (via Python) (MS14-064) (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python", 'Description' = %q This module exploits a vulnerabilit...

Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability

Added: 10/24/2014 CVE: CVE-2014-4114 BID: 70419 OSVDB: 113140 Background OLE Object Linking and Embedding is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats. For...

Microsoft Windows - OLE Package Manager SandWorm

!/usr/bin/env python import os import zipfile import sys ''' Full Exploit: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/35019.tar.gz Very quick and ugly SandWorm CVE-2014-4114 exploit builder Exploit Title: CVE-2014-4114 SandWorm builder Built to run on:...

Microsoft Windows - OLE Package Manager SandWorm

Microsoft Windows - OLE Package Manager SandWorm !/usr/bin/env python import os import zipfile import sys ''' Full Exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35019.tar.gz Very quick and ugly SandWorm CVE-2014-4114 exploit builder Exploit Title:...

MS14-060 Microsoft Windows OLE Package Manager Code Execution

This module exploits a vulnerability found in Windows Object Linking and Embedding OLE allowing arbitrary code execution, publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our...

Sandworm（CVE-2 0 1 4-4 1 1 4 related to the threat of a comprehensive analysis of the report — and to chasing shadows Security Platform detection problem of the complex disk-vulnerability warning-the black bar safety net

1 threat card and introduction ! CVE-2 0 1 4-4 1 1 4 is in the OLE package Manager the INF arbitrary code execution vulnerability, the vulnerability affects Win Vista, Win7 and aboveoperating system, the attackers used PowerPoint as an attack vector, the vulnerability is in the Microsoft Windows...

Windows arbitrary code execution 0day（CVE-2 0 1 4-4 1 1 4）analysis report-vulnerability warning-the black bar safety net

Tomorrow release patch windows all platforms all can trigger the OLE package Manager the INF arbitrary code execution vulnerability, CVE-2 0 1 4-4 1 1 4 in. The vulnerability affects Windows vista,win7 and aboveoperating system, the use of the Microsoft document you can trigger the vulnerability,...

Microsoft Windows CVE-2014-4114 OLE Package Manager Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user...

Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO

Once again a Russian cyber espionage group has gained media attention by exploiting a Zero-day vulnerability in Microsoft’s Windows operating system to spy on the North Atlantic Treaty Organization NATO, Ukrainian and Polish government agencies, and a variety of sensitive European industries over...