Internet Explorer OLE Automation Array Remote Code Execution

2014-11-18 18:05:04

<html>
<!--

Full Exploit: http://www.exploit-db.com/sploits/35281.zip

CVE-2014-6332 - (MS14-064) Windows OLE Could Allow Remote Code Execution
OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1,
Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site,
aka "Windows OLE Automation Array Remote Code Execution Vulnerability."

Tested on IE 8,9,11 on Win7
this Vulnerability to Execute of local File but you can use generator for change local to Remote Download and Execute File with Powershell
Exploit Generator by faryad Rahmani
Email : [email protected]
Twitter : #faryadR
[email protected]
-->
<head>
<title> MS14-064 Automat Exploit Generation</title>
</head>
<body>

<form action="gen.php" method="POST">
Enter URL File to Download and Execute
<br/>
Example : http://192.168.1.2/File.exe"
<br/><br/>
<input type="text" name="url" id="url"/>

<br/><br />
<input type="submit" value="Generate"></input>


</form>



</body>
</html>

Fixes

No fixes

In order to submit a new fix you need to be registered.