neox

Windows OLE RCE Exploit MS14-060 (CVE-2014-4114) – Sandworm

This recent exploit (dubbed “Sandworm”) took advantage of a vulnerability in which a specially crafted OLE object could allow remote code execution. In the case of the live sample exploit PPSX file I examined, it automatically downloaded the payload from a remote SMB share. I won’t rehash much of the details that others have covered but if you want to read more, here are some resources:

Microsoft Security Bulletin: https://technet.microsoft.com/en-us/library/security/ms14-060.aspx

Original Discovery by iSightPartners: http://www.isightpartners.com/2014/10/cve-2014-4114/

Other good write-up on D.UIJN.NL: d.uijn.nl | that's me!

video

http://www.securitysift.com/wp-content/uploads/2014/10/ms14_060.mp4

Source: Windows OLE RCE Exploit MS14-060 (CVE-2014-4114) - Sandworm - Security Sift
