CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS
Percentile: 99.6%
Added: 10/24/2014
CVE: CVE-2014-4114
BID: 70419
OSVDB: 113140
OLE (Object Linking and Embedding) is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats. For example, a compound Microsoft Word document may contain an embedded Microsoft Excel spreadsheet (or OLE object). This technology also enables in-place editing; instead of launching a new application when an OLE object is activated, the user instead sees a new set of menu items inside their existing application.
Setup information files (.INF file extension) are scripts containing registry commands that support the launching of executables by using an “install” verb. The system registry stores an instruction that assists in running the install verb specified within .INF files.
This exploit is publicly known as Sandworm because the vulnerability has been exploited in the wild by Russian attackers known as the Sandworm team.
Microsoft Windows OLE package manager (packager.dll) contains a flaw in the CPackage::DoVerb() function that allows downloading and executing INF files. A remote attacker who entices a vulnerable user to open a specially crafted PowerPoint document may be able to execute arbitrary commands in the context of the user.
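A triage check for documents that could trigger the behaviour described above, written as an added example (not code from the advisory, SAINT, or Microsoft). It scans the embedded-object parts of an Office Open XML file for UNC references to remote .inf files and falls back to a raw byte scan for legacy binary formats; it assumes the reference is stored as a plain ASCII or UTF-16LE string, and the function names and the sample path are constructed for illustration.

```python
import io
import re
import zipfile

# OOXML parts that hold embedded OLE objects (PowerPoint, Word, Excel).
EMBED_PREFIXES = ("ppt/embeddings/", "word/embeddings/", "xl/embeddings/")
MAX_PART_BYTES = 16 * 1024 * 1024  # cap per-part reads against zip bombs

# \\host\share\...\name.inf ; assumes the reference is stored as a plain string.
UNC_INF = re.compile(r'\\\\[A-Za-z0-9_.\-]{1,255}\\[^\x00-\x1f"<>|]{1,255}?\.inf\b', re.I)


def _scan(name, data):
    """Search one blob as ASCII and as UTF-16LE at both byte alignments."""
    u16 = lambda b: b.decode("utf-16-le", errors="ignore")
    views = (data.decode("latin-1"), u16(data), u16(data[1:]))
    return {(name, m.group(0)) for v in views for m in UNC_INF.finditer(v)}


def find_remote_inf_refs(doc_bytes):
    """Return sorted (part name, UNC path) pairs for remote .inf references."""
    if not zipfile.is_zipfile(io.BytesIO(doc_bytes)):
        # Legacy binary formats (.ppt/.pps) are not ZIPs: scan the raw bytes.
        return sorted(_scan("<raw>", doc_bytes[:MAX_PART_BYTES]))
    hits = set()
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for name in zf.namelist():
            if name.lower().startswith(EMBED_PREFIXES):
                with zf.open(name) as part:
                    hits |= _scan(name, part.read(MAX_PART_BYTES))
    return sorted(hits)


def build_sample(payload):
    """Constructed input: a minimal ZIP carrying one embedded-object part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/embeddings/oleObject1.bin", payload)
        zf.writestr("ppt/slides/slide1.xml", "<p:sld/>")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: 192.0.2.10 is a documentation-only address.
    sample = build_sample(b"\x02\x00" + rb"\\192.0.2.10\share\example.inf" + b"\x00")
    for part, path in find_remote_inf_refs(sample):
        print(f"{part}: references remote INF {path}")
```

A hit is a reason to quarantine the file for analysis, not proof of exploitation, and a document with no hit is not thereby shown to be safe.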
Apply the patch as described in Microsoft Security Bulletin MS14-060.
<https://technet.microsoft.com/library/security/ms14-060>
<http://www.isightpartners.com/2014/10/cve-2014-4114/>
Exploit works on Microsoft Windows 7 SP1 64-bit with Microsoft Office 2013.
One of the programs **smbclient** or **mount_smbfs** must be available on the SAINT host.
An SMB share which is anonymously readable by the target computer, and a user name and password with write access to that share, must be specified.
Windows 7