CVE-2014-4114

Vulnerability Profile Updated a month ago
CVE-2014-4114 is a significant software vulnerability in the Microsoft Windows OLE Package Manager that enables remote code execution. The exploit was primarily used in .pps files, which are PowerPoint presentation files, making this vulnerability particularly dangerous for organizations that frequently use these types of documents. The vulnerability played a key role in the Sandworm attack, which targeted American and European entities in October 2014 and leveraged the flaw to infiltrate various systems. It was the third zero-day vulnerability related to targeted attacks against diverse organizations during this period. While Symantec did not locate the original emails used in the attack, it did identify an exploit for CVE-2014-4114 embedded within Microsoft Office documents, which demonstrates the broad reach and potential impact of this vulnerability. It underscores the importance of regular software updates and robust cybersecurity measures to guard against such threats.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Vulnerability
Exploit
Symantec
Microsoft
Remote Code ...
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| BlackEnergy | Unspecified | 2 | BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Sandworm | is related to | 2 | Sandworm, a threat actor linked to Russia's military intelligence service, has been identified as a significant cyber threat with a history of malicious activities. The group is known for its advanced persistent threat (APT) capabilities, which involve sophisticated, long-term campaigns targeting sp |
| Sandworm Team | Unspecified | 1 | The Sandworm Team, a threat actor associated with Russia's military intelligence-linked group, has demonstrated significant capabilities in developing custom malware to target Operational Technology (OT) and Industrial Control Systems (ICSs). Since at least 2015, the team has used the "BlackEnergy" |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the CVE-2014-4114 vulnerability was read from the documents listed below.
| Source | Created At | Title |
|---|---|---|
| MITRE | a year ago | Endpoint Protection - Symantec Enterprise |
| GovCERT CH | a year ago | Microsoft patches three zero-day vulnerabilities - what does that mean to you? |
| MITRE | a year ago | It’s Parliamentary: KeyBoy and the targeting of the Tibetan Community - The Citizen Lab |
| MITRE | a year ago | BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry \| WeLiveSecurity |
| MITRE | a year ago | Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers |
| MITRE | a year ago | Endpoint Protection - Symantec Enterprise |
| MITRE | a year ago | Sandworm Team and the Ukrainian Power Authority Attacks \| Mandiant |
| MITRE | a year ago | New TeleBots backdoor: First evidence linking Industroyer to NotPetya \| WeLiveSecurity |