IT security expert company: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2014-4114

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."

POC

Reference

- http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerability-cve-2014-4114-aka-sandworm/

- http://www.exploit-db.com/exploits/35019

- http://www.exploit-db.com/exploits/35055

Github

- https://github.com/ARPSyndicate/cvemon

- https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections

- https://github.com/DarkenCode/PoC

- https://github.com/Kuromesi/Py4CSKG

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/Panopticon-Project/Panopticon-Patchwork

- https://github.com/R0B1NL1N/APTnotes

- https://github.com/cone4/AOT

- https://github.com/emtee40/APT_CyberCriminal_Campagin_Collections

- https://github.com/eric-erki/APT_CyberCriminal_Campagin_Collections

- https://github.com/eric-erki/threat-INTel

- https://github.com/houjingyi233/office-exploit-case-study

- https://github.com/houseofxyz/threat-INTel

- https://github.com/iwarsong/apt

- https://github.com/jack8daniels2/threat-INTel

- https://github.com/jvdroit/APT_CyberCriminal_Campagin_Collections

- https://github.com/kbandla/APTnotes

- https://github.com/likekabin/APT_CyberCriminal_Campagin_Collections

- https://github.com/likekabin/CyberMonitor-APT_CyberCriminal_Campagin_Collections

- https://github.com/likescam/APT_CyberCriminal_Campagin_Collections

- https://github.com/likescam/CyberMonitor-APT_CyberCriminal_Campagin_Collections

- https://github.com/nitishbadole/oscp-note-2

- https://github.com/qiantu88/office-cve

- https://github.com/rmsbpro/rmsbpro

- https://github.com/sumas/APT_CyberCriminal_Campagin_Collections

- https://github.com/wilsonleeee/threat-INTel