Microsoft OLE Object File Handling vulnerability

2012-06-15T00:00:00
ID SAINT:23BE900194284F806033B2BEB1109DF0
Type saint
Reporter SAINT Corporation
Modified 2012-06-15T00:00:00

Description

Added: 06/15/2012
CVE: CVE-2011-3400
BID: 50977
OSVDB: 77663

Background

Object Linking and Embedding (OLE) allows applications to create and edit compound documents. For example, a Microsoft Excel spreadsheet can be embedded within a Microsoft Word application.

Problem

A vulnerability when handling OLE objects in memory allows command execution when a user opens a file containing a specially crafted OLE object.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 11-093.

References

<http://technet.microsoft.com/en-us/security/bulletin/ms11-093>

Limitations

Exploit works on Microsoft Visio Viewer 2010 and requires a user to open the exploit page in Internet Explorer 7.

Platforms

Windows XP