⚠ Actively exploited

Added to CISA KEV on 2022-02-25. Federal agencies required to patch by 2022-08-25. Required action: Apply updates per vendor instructions..

CVE-2014-6352 — Code Injection in Microsoft Windows Server 2008

CWE-94 — Code Injection23 documents13 sources

Severity

7.8HIGHNVD

EPSS

90.7%

top 0.37%

CISA KEV

KEV

Added 2022-02-25

Due 2022-08-25

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows Server 2008 Microsoft Windows Server 2012

Timeline

PublishedOct 22

KEV addedFeb 25

KEV dueAug 25

Latest updateJan 19

CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

Patches

Patch: blogs.technet.com ↗Patch: docs.microsoft.com ↗Patch: technet.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-hcj8-r3vf-4jr7: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8↗2022-05-14

▶

VulnCheck

Microsoft Windows Code Injection Vulnerability↗2014

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - OLE Package Manager Code Execution (MS14-064) (Metasploit)↗2014-11-14

▶

Exploit-DB

Microsoft Windows - OLE Package Manager Code Execution (via Python) (MS14-064) (Metasploit)↗2014-11-14

▶

Exploit-DB

Microsoft Office 2007/2010 - OLE Arbitrary Command Execution↗2014-11-12

▶

Exploit-DB

Microsoft Windows - OLE Remote Code Execution 'Sandworm' (MS14-060)↗2014-10-25

▶

Exploit-DB

Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit)↗2014-10-20

▶

📋Vendor Advisories

CISA

Microsoft Windows Code Injection Vulnerability↗2022-02-25

▶

🕵️Threat Intelligence

Trendmicro

The Trail of BlackTech’s Cyber Espionage Campaigns↗2017-06-22

▶

Securelist

IT threat evolution Q3 2016↗2016-11-03

▶

Securelist

IT threat evolution Q3 2016↗2016-11-03

▶

Talos

Microsoft Update Tuesday November 2014: Fixes for 3 0-day Vulnerabilities↗2014-11-11

▶

Talos

Microsoft Update Tuesday November 2014: Fixes for 3 0-day Vulnerabilities↗2014-11-11

▶

📐Framework References

ATT&CK

AutoIt backdoor↗

▶

📄Research Papers

arXiv

Techniques of Modern Attacks↗2026-01-19

▶