CVE-2014-4114
Published: 15 October 2014
Summary
CVE-2014-4114 is a high-severity vulnerability of unspecified weakness type in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).
Deeper analysis
The vulnerability tracked as CVE-2014-4114 is an OLE remote code execution flaw present in multiple supported Windows releases, specifically Vista SP2, Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8 and 8.1, Server 2012 Gold and R2, and Windows RT Gold and 8.1. It resides in the handling of OLE objects embedded inside Office documents and carries a CVSS 3.1 base score of 7.8.
An attacker can deliver a specially crafted Office document containing a malicious OLE object; once the recipient opens the document, arbitrary code executes in the context of the current user. The flaw was observed being exploited in targeted “Sandworm” campaigns between June and October 2014.
Microsoft’s October 2014 security updates address the issue across the affected platforms. Corresponding vendor advisories and technical write-ups recommend applying those patches as the primary mitigation and note the availability of workarounds such as disabling OLE object activation where operationally feasible.
Public exploit code and detailed infection-chain analyses have been published, confirming that the vulnerability saw active, real-world use prior to patch availability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2014-4045
Vulnerability details
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of the vendor security updates that remediate the OLE parsing flaw before exploitation can succeed.
Enforces disabling or restricting OLE object activation in Office applications, exactly matching the published workaround that blocks the attack vector.
Requires malicious-code protection mechanisms capable of inspecting Office documents for the crafted OLE objects used in Sandworm exploits.