Name | ms14_064_ie_oleaut32 |
CVE | CVE-2014-6332 |
Exploit Pack | CANVAS |
Description | MS14_064 - Windows OLE Automation Array Remote Code Execution Vulnerability |
Notes | CVE Name: CVE-2014-6332
VENDOR: Microsoft
NOTES:
References:
http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/
http://www.secniu.com/how-to-use-vbscript-to-turn-on-the-god-mode/
This exploit has been tested on:
* Windows 7 Professional EN (x32) with IE 8
* Windows 7 Ultimate N EN (x32) with IE 8
* Windows 7 Ultimate N EN (x32) with IE 9
* Windows 7 Ultimate N EN with SP1 (x32) with IE 9
* Windows 7 Ultimate N EN with SP1 (x32) with IE 10
* Windows 7 Ultimate N EN with SP1 (x32) with IE 11
* Windows 8.1 EN (x32) with IE 11
NOTE: With HTTP Callback Tunneling we inject a win32 shellcode because the powershellNode doesn't support it yet.
Make sure to enable on the clientd response settings:
- Respond directly with exploit
If execution of scripts is disabled on the target system (default configuration), the user will get a popup asking if they want powershell to make changes to their system. In corporate environments it is very unlikely that execution of scripts is disabled.
Command line usage:
$ python ./exploits/clientd/clientd.py -l 192.168.1.102 -d 5555 -O server_port:8080 -O allowed_attack_modules:ms14_064_ie_oleaut32 -O auto_detect_exploits:0
$ ./commandlineInterface.py -v23 -p5555
Repeatability: Single
References: https://technet.microsoft.com/library/security/MS14-064
CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6332 |