Immunity, Inc.
Name ms14_064_ie_oleaut32
CVE CVE-2014-6332
Exploit Pack CANVAS
Description MS14_064 - Windows OLE Automation Array Remote Code Execution Vulnerability
Notes CVE Name: CVE-2014-6332
VENDOR: Microsoft
NOTES:

References:
http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/
http://www.secniu.com/how-to-use-vbscript-to-turn-on-the-god-mode/

This exploit has been tested on:
* Windows 7 Professional EN (x32) with IE 8
* Windows 7 Ultimate N EN (x32) with IE 8
* Windows 7 Ultimate N EN (x32) with IE 9
* Windows 7 Ultimate N EN with SP1 (x32) with IE 9
* Windows 7 Ultimate N EN with SP1 (x32) with IE 10
* Windows 7 Ultimate N EN with SP1 (x32) with IE 11
* Windows 8.1 EN (x32) with IE 11

NOTE: With HTTP Callback Tunneling we inject a win32 shellcode
because the powershellNode doesn't support it yet.


Make sure to enable the following in the clientd response settings:
- Respond directly with exploit

If execution of scripts is disabled on the target system (default configuration),
the user will get a popup asking if they want powershell to make changes to their
system. In corporate environments it is very unlikely that execution of scripts
is disabled.

Command line usage:
$ python ./exploits/clientd/clientd.py -l 192.168.1.102 -d 5555 -O server_port:8080 -O allowed_attack_modules:ms14_064_ie_oleaut32 -O auto_detect_exploits:0
$ ./commandlineInterface.py -v23 -p5555


Repeatability: Single
References: https://technet.microsoft.com/library/security/MS14-064
CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6332
