iSight Partners recently announced that they had discovered some new malware that was being used in a Russian cyber-espionage campaign. The vulnerability used in the campaign was CVE-2014-4114, which is a problem inside the OLE package manager in Microsoft Windows. (Microsoft released MS14-060 to address the problem.) I had some time to look into the internals of the vulnerability and what I found is kind of interesting. First, it is not a memory corruption issue and second, the vulnerability executes binary files from a PowerPoint file with an embedded OLE component. Microsoft Office executables are usually huge binaries with a lot of different functionality, but it seems that some of this functionality might come at the cost of security.
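Since the issue involves a PowerPoint file carrying an embedded OLE component, a defender triaging a suspicious deck can start by listing which slides reference embedded OLE objects. The following is an added example, not code from the original post or the linked analysis; it assumes an OOXML container (.pptx/.ppsx), the function names are hypothetical, and the sample file is constructed in memory.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound file signature
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OLE_REL = ("http://schemas.openxmlformats.org/officeDocument/2006/"
           "relationships/oleObject")

def embedded_ole_objects(data):
    """Return [(slide_part, object_part, is_compound_file)] per OLE relationship."""
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        rels_parts = sorted(n for n in names
                            if n.startswith("ppt/slides/_rels/") and n.endswith(".rels"))
        for rels in rels_parts:
            slide = "ppt/slides/" + posixpath.basename(rels)[:-len(".rels")]
            for rel in ET.fromstring(zf.read(rels)).iter(REL_NS + "Relationship"):
                if rel.get("Type") != OLE_REL or rel.get("TargetMode") == "External":
                    continue
                # Targets are relative to the slide's folder, e.g. ../embeddings/x.bin
                part = posixpath.normpath(
                    posixpath.join("ppt/slides", rel.get("Target", "")))
                head = b""
                if part in names:  # a dangling relationship is reported as False
                    with zf.open(part) as fh:
                        head = fh.read(len(OLE_MAGIC))
                results.append((slide, part, head == OLE_MAGIC))
    return results

def build_sample():
    """Constructed, harmless sample: one slide referencing one embedded object."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/'
            '2006/relationships"><Relationship Id="rId1" Type="' + OLE_REL +
            '" Target="../embeddings/oleObject1.bin"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/slides/slide1.xml", "<sld/>")
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
        zf.writestr("ppt/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()

if __name__ == "__main__":
    for row in embedded_ole_objects(build_sample()):
        print(row)
```

An entry in the output only says that an embedded OLE object is present; it does not by itself indicate CVE-2014-4114.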
More here: http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Technical-analysis-of-the-SandWorm-Vulnerability-CVE-2014-4114/ba-p/6649758#.VEYCoPnF-So