CVE-2014-6332

HIGH KEV RANSOMWARE

Microsoft Windows - RCE

Description

OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."

Exploits (13)

exploitdb WORKING POC VERIFIED
by Ehsan Noreddini · php remote windows
https://www.exploit-db.com/exploits/38512
exploitdb WORKING POC VERIFIED
by Ehsan Noreddini · php remote windows
https://www.exploit-db.com/exploits/38500
exploitdb WORKING POC VERIFIED
by Mohammad Reza Espargham · php remote windows
https://www.exploit-db.com/exploits/37800
exploitdb WORKING POC VERIFIED
by Mohammad Reza Espargham · php remote windows
https://www.exploit-db.com/exploits/37400
exploitdb WORKING POC VERIFIED
by Naser Farhadi · python remote windows
https://www.exploit-db.com/exploits/36516
exploitdb WORKING POC VERIFIED
by GradiusX & b33f · html remote windows
https://www.exploit-db.com/exploits/35308
exploitdb WORKING POC VERIFIED
by yuange · html remote windows
https://www.exploit-db.com/exploits/35229
exploitdb WORKING POC
by Mohammad Reza Espargham · php remote windows
https://www.exploit-db.com/exploits/37668
exploitdb WORKING POC
by Wesley Neelen & Rik van Duijn · ruby remote windows
https://www.exploit-db.com/exploits/35230
nomisec NO CODE 5 stars
by MarkoArmitage · poc
https://github.com/MarkoArmitage/metasploit-framework
nomisec STUB 2 stars
by mourr · poc
https://github.com/mourr/CVE-2014-6332
nomisec WRITEUP 2 stars
by tjjh89017 · poc
https://github.com/tjjh89017/cve-2014-6332
metasploit WORKING POC GOOD
by Robert Freeman, yuange, Rik van Duijn, Wesley Neelen · ruby poc win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms14_064_ole_code_execution.rb

References (17)

Scores

CVSS v3 8.8
EPSS 0.9409
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-25
VulnCheck KEV 2015-02-23
InTheWild.io 2022-03-25
ENISA EUVD EUVD-2014-6216
Ransomware Use Confirmed
CWE CWE-119
Status published
Products (11)
microsoft/windows_7
microsoft/windows_8
microsoft/windows_8.1
microsoft/windows_rt
microsoft/windows_rt_8.1
microsoft/windows_server_2003
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1 (2 CPE variants)
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
... and 1 more
Published Nov 11, 2014
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026