Cyber Resilience

CVE-2014-4114

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 15 October 2014

Modified: 22 April 2026
KEV Added: 03 March 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.9232 (99.7th percentile)
Risk Priority: 91 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2014-4114 is a high-severity vulnerability of unspecified weakness type in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).

Deeper analysis

The vulnerability tracked as CVE-2014-4114 is an OLE remote code execution flaw present in multiple supported Windows releases, specifically Vista SP2, Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8 and 8.1, Server 2012 Gold and R2, and Windows RT Gold and 8.1. It resides in the handling of OLE objects embedded inside Office documents and carries a CVSS 3.1 base score of 7.8.

An attacker can deliver a specially crafted Office document containing a malicious OLE object; once the recipient opens the document, arbitrary code executes in the context of the current user. The flaw was observed being exploited in targeted “Sandworm” campaigns between June and October 2014.

Microsoft’s October 2014 security updates address the issue across the affected platforms. Corresponding vendor advisories and technical write-ups recommend applying those patches as the primary mitigation and note the availability of workarounds such as disabling OLE object activation where operationally feasible.

Public exploit code and detailed infection-chain analyses have been published, confirming that the vulnerability saw active, real-world use prior to patch availability.

Vulnerability details

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."

CWE(s)
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Versions
microsoft · windows 7 · all versions
microsoft · windows 8 · all versions
microsoft · windows 8.1 · all versions
microsoft · windows rt · all versions
microsoft · windows rt 8.1 · all versions
microsoft · windows server 2008 · all versions, r2
microsoft · windows server 2012 · all versions, r2
microsoft · windows vista · all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly requires timely installation of the vendor security updates that remediate the OLE parsing flaw before exploitation can succeed.

prevent

Enforces disabling or restricting OLE object activation in Office applications, exactly matching the published workaround that blocks the attack vector.

prevent, detect

Requires malicious-code protection mechanisms capable of inspecting Office documents for the crafted OLE objects used in Sandworm exploits.