Microsoft Windows OLE Package Manager Remote Code Execution Vulnerabilities

Summary

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a ‘Sandworm’ attack in June through October 2014, aka ‘Windows OLE Remote Code Execution Vulnerability.’

Credit:

Details

Vulnerable Systems:
 * Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1

Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

CVE Information:
CVE-2014-4114

Disclosure Timeline:
Original release date: 10/15/2014
Last revised: 11/18/2014

Categories: Windows