⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions.

CVE-2014-4114: Improper Input Validation in Microsoft Windows Server 2008

Severity
7.8 HIGH (NVD)
EPSS
92.1%
top 0.29%
CISA KEV
KEV
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Timeline
Published: Oct 15
KEV added: Mar 3
KEV due: Mar 24
Latest update: Jan 19

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 1 package

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-3hff-6c4j-j2w5: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8 (2022-05-14)
VulnCheck
Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability (2014)
VulnCheck
Microsoft Graphics Component Memory Corruption Vulnerability (2013)

💥 Exploits & PoCs (7)

Exploit-DB
Microsoft Windows - OLE Package Manager Code Execution (MS14-064) (Metasploit) (2014-11-14)
Exploit-DB
Microsoft Windows - OLE Package Manager Code Execution (via Python) (MS14-064) (Metasploit) (2014-11-14)
Exploit-DB
Microsoft Office 2007/2010 - OLE Arbitrary Command Execution (2014-11-12)
Exploit-DB
Microsoft Windows - OLE Remote Code Execution 'Sandworm' (MS14-060) (2014-10-25)
Exploit-DB
Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit) (2014-10-20)

🔍 Detection Rules (1)

Suricata
ET MALWARE Wonton-JH Checkin (2014-10-24)

📋 Vendor Advisories (1)

CISA
Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability (2022-03-03)

🕵️ Threat Intelligence (24)

Tenable
Sandworm APT Deploys New SwiftSlicer Wiper Using Active Directory Group Policy (2023-01-27)
Trendmicro
Untangling the Patchwork Cyberespionage Group (2017-12-11)
Unit42
New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists (2016-04-22)
Qualys
US-CERT: Top 30 Vulnerabilities | Qualys (2015-05-01)

📄 Research Papers (4)

arXiv
Techniques of Modern Attacks (2026-01-19)
arXiv
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures (2025-02-12)
arXiv
Detecting Anomalies using Overlapping Electrical Measurements in Smart Power Grids (2022-01-06)
arXiv
Technical Aspects of Cyber Kill Chain (2016-06-10)