CVE-2014-6352
HIGH KEVMS14-064 Microsoft Windows OLE Package Manager Code Execution
Title source: metasploitDescription
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
Exploits (7)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/35235
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/35236
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalwindows_x86
https://www.exploit-db.com/exploits/35020
exploitdb
WORKING POC
by Abhishek Lyall · pythonlocalwindows
https://www.exploit-db.com/exploits/35216
exploitdb
WORKING POC
by Mike Czumak · pythonremotewindows
https://www.exploit-db.com/exploits/35055
exploitdb
WORKING POC
by Vlad Ovtchinikov · pythonlocalwindows
https://www.exploit-db.com/exploits/35019
metasploit
WORKING POC
EXCELLENT
by Haifei Li, sinn3r, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/ms14_064_packager_run_as_admin.rb
References (9)
Scores
CVSS v3
7.8
EPSS
0.9073
EPSS Percentile
99.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CISA KEV
2022-02-25
VulnCheck KEV
2014-10-22
InTheWild.io
2014-11-11
ENISA EUVD
EUVD-2014-6236
Status
published
Products (10)
microsoft/windows_7
microsoft/windows_8
microsoft/windows_8.1
microsoft/windows_rt
microsoft/windows_rt_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008
r2 sp1
microsoft/windows_server_2012
microsoft/windows_server_2012
r2
microsoft/windows_vista
Published
Oct 22, 2014
KEV Added
Feb 25, 2022
Tracked Since
Feb 18, 2026