Microsoft Windows up to Vista OLE Object Packager packager.dll input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.15 |
A vulnerability was found in Microsoft Windows up to Vista (Operating System). It has been declared as critical. This vulnerability affects some unknown processing in the library packager.dll of the component OLE Object Packager. The manipulation with an unknown input leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was disclosed 10/14/2014 by Vlad Ovtchinikov with iSIGHT Partners Global Vulnerability Partnership as MS14-060 as confirmed bulletin (Technet). The advisory is available at technet.microsoft.com. The public release has been coordinated in cooperation with the vendor. This vulnerability was named CVE-2014-4114 since 06/12/2014. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details and also a public exploit are known.
A public exploit has been developed by Vlad Ovtchinikov in Ruby and been published 6 days after the advisory. It is possible to download the exploit at securityfocus.com. It is declared as highly functional. As 0-day the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 78435 (MS14-060: Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. This issue was added on 03/03/2022 to the CISA Known Exploited Vulnerabilities Catalog with a due date of 03/24/2022:
Apply updates per vendor instructions.Applying the patch MS14-060 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 16901.
The vulnerability is also documented in the databases at Tenable (78435) and Exploit-DB (35019). Additional details are provided at krebsonsecurity.com. The entries 67832, 67831, 67806 and 67811 are pretty similar.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
Video
Youtube: Not available anymoreCVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Author: Vlad Ovtchinikov
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 78435
Nessus Name: MS14-060: Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Saint ID: exploit_info/windows_ole_sandworm
Saint Name: Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability
MetaSploit ID: ms14_060_sandworm.rb
MetaSploit Name: MS14-060 Microsoft Windows OLE Package Manager Code Execution
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Patch: MS14-060
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
Fortigate IPS: 🔍
Timeline
06/12/2014 🔍10/14/2014 🔍
10/14/2014 🔍
10/14/2014 🔍
10/14/2014 🔍
10/14/2014 🔍
10/15/2014 🔍
10/15/2014 🔍
10/15/2014 🔍
10/20/2014 🔍
10/20/2014 🔍
04/23/2024 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS14-060
Researcher: Vlad Ovtchinikov
Organization: iSIGHT Partners Global Vulnerability Partnership
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2014-4114 (🔍)
OVAL: 🔍
IAVM: 🔍
SecurityTracker: 1031017 - Windows OLE Object Packager Lets Remote Users Execute Arbitrary Code
Vulnerability Center: 46451 - [MS14-060] Microsoft Windows Remote Code Execution via Crafted OLE Objects - CVE-2014-4114, High
SecurityFocus: 70419 - Microsoft Windows CVE-2014-4114 OLE Package Manager Remote Code Execution Vulnerability
Secunia: 60972
OSVDB: 113140
scip Labs: https://www.scip.ch/en/?labs.20140213
Misc.: 🔍
See also: 🔍
Entry
Created: 10/15/2014 11:33Updated: 04/23/2024 10:00
Changes: 10/15/2014 11:33 (86), 04/07/2017 15:04 (19), 02/22/2022 03:25 (3), 02/22/2022 03:34 (1), 04/23/2024 10:00 (23)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.