CVE-2014-4114

Vulnerability updated 7 months ago (2024-05-04T20:31:56.158Z)
CVE-2014-4114 is a significant vulnerability in the Microsoft Windows OLE Package Manager that enables remote code execution. The exploit was primarily used in .pps files, which are PowerPoint presentation files, making this vulnerability particularly dangerous for organizations that frequently use these types of documents.

This vulnerability played a key role in the infamous Sandworm attack, which targeted American and European entities in October 2014. The Sandworm attack leveraged CVE-2014-4114 to infiltrate various systems by exploiting the weakness in the Microsoft Windows OLE Package Manager. This marked it as the third zero-day vulnerability related to targeted attacks against diverse organizations during this period.

While Symantec did not locate the original emails used in the attack, it did identify the use of an exploit designed to take advantage of CVE-2014-4114. This exploit was embedded within Microsoft Office documents, demonstrating the broad reach and potential impact of this vulnerability. It underscores the importance of regular software updates and robust cybersecurity measures to guard against such threats.
Description last updated: 2024-05-04T17:20:49.114Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Vulnerability
Associated Malware
Description: The BlackEnergy Malware is associated with CVE-2014-4114. BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a
Association Type: Unspecified
Votes: 2
Associated Threat Actors
Description: The Sandworm Threat Actor is associated with CVE-2014-4114. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c
Association Type: is related to
Votes: 2