Immunity, Inc.
Name sandworm
CVE CVE-2014-4114
Exploit Pack CANVAS
Description Sandworm - MS14-060 - Windows OLE Remote Code Execution Vulnerability.
Notes Repeatability: Infinite
Notes: This exploit creates a blank PPSX file (PowerPoint show presentation); to use it you just have to add some stuff to the blank file with PowerPoint (MS Office 2010-2013). The PPSX contains two embedded OLE objects. The first object is the executable shellcode (PE .exe) with a .gif extension and the second one is an INF file. It looks like there is an issue with the handling of INF files. When a link to an INF file is inserted into a PPSX file, it is opened and immediately executed through the INF Default Install (InfDefaultInstall.exe) program. This vulnerability is a logic fault. The INF file renames the first embedded OLE object to .exe and adds it to the registry. This PPSX may be served to vulnerable MS Office 2010 SP2 and 2013 installations on Windows 7 and will execute the embedded INF file without further user interaction when the PPSX is opened.
VENDOR: Microsoft
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4114
CVE Name: CVE-2014-4114
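
For triage of inbound attachments, the pairing described in the notes (one embedded object naming an INF file, another carrying a PE image) can be checked statically. The following is an added example, not part of CANVAS or the original page. It assumes embedded objects sit under `ppt/embeddings/` in the PPSX ZIP package and uses a raw byte search as a heuristic; the function names and the sample file names are hypothetical.

```python
import io
import re
import zipfile

# ".inf" file name ending in a NUL terminator, ANSI or UTF-16LE, any case
INF_NAME = re.compile(rb"\.inf\x00|\.\x00i\x00n\x00f\x00\x00\x00", re.I)

def has_pe(blob):
    """True if an MZ header whose e_lfanew points at 'PE\\0\\0' occurs anywhere."""
    pos = blob.find(b"MZ")
    while pos != -1:
        off = int.from_bytes(blob[pos + 0x3C:pos + 0x40], "little")
        if blob[pos + off:pos + off + 4] == b"PE\x00\x00":
            return True
        pos = blob.find(b"MZ", pos + 1)
    return False

def scan_ppsx(data):
    """Map each embedded object in a PPSX to the traits found in its raw bytes."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.lower().startswith("ppt/embeddings/"):
                blob = zf.read(name)
                traits = set()
                if INF_NAME.search(blob):
                    traits.add("inf-name")
                if has_pe(blob):
                    traits.add("pe-image")
                hits[name] = traits
    return hits

def is_suspicious(data):
    """Flag the pairing the notes describe: an INF object plus a PE object."""
    found = set().union(*scan_ppsx(data).values())
    return {"inf-name", "pe-image"} <= found

def constructed_sample(with_inf=True):
    """Build an inert, constructed PPSX-like ZIP in memory (not a real exploit)."""
    ole = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound file signature
    pe = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/embeddings/oleObject1.bin", ole + b"picture.gif\x00" + pe)
        if with_inf:
            zf.writestr("ppt/embeddings/oleObject2.bin", ole + b"setup.inf\x00[Version]")
        zf.writestr("ppt/slides/slide1.xml", b"<p:sld/>")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_ppsx(constructed_sample()), is_suspicious(constructed_sample()))
```

OLE compound files may store a stream in non-contiguous sectors, so a byte search can miss a fragmented name or header; a production scanner would parse the compound file and inspect each stream.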
