Object Linking and Embedding (OLE) allows applications to create and edit compound documents. For example, a Microsoft Excel spreadsheet can be embedded within a Microsoft Word application.
A vulnerability when handling OLE objects in memory allows command execution when a user opens a file containing a specially crafted OLE object.
Apply the patch referenced in Microsoft Security Bulletin 11-093.
Exploit works on Microsoft Visio Viewer 2010 and requires a user to open the exploit page in Internet Explorer 7.