Microsoft's announcement to fix the OLE remote code execution vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201455002
Type myhack58
Reporter 佚名
Modified 2014-10-24T00:00:00


In last month's“patch Tuesday”in Microsoft's Update Patch for the OLE allow remote code execution were fixed. We had thought that the vulnerability has been fixed, but may in fact be more than we imagined more complicated. Microsoft today once again revolve around the vulnerability issued a safety notice 3 0 1 0 0 6 0, and provides a one-button“fix”solutions. According to Microsoft's announcement shows the vulnerability of the main include Windows Server 2 0 0 3 including all Microsoft Windows versions. The vulnerability as early as comprising an OLE object of Microsoft Office document(attacks using PowerPoint files). OLE stands for object linking and embedding(Object Linking and Embedding), which enables applications to be created from a plurality of different source information of the composite document, such as you can in a PowerPoint document embedded in the Excel file, so you only need one place to edit it.