93 matches found
CVE-2026-26824
A flaw was found in libxls. This vulnerability, a use of uninitialized memory, occurs in the OLE container parser when processing a specially crafted XLS file. An attacker could exploit this by providing a malicious XLS file, which may lead to application crashes or the potential disclosure of...
Windows OLE Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally...
The Bug Report - January 2026 Edition
By Jonathan Omakun · February 12, 2026. Why am I here? Welcome back to The Bug Report, the post-holiday edition, where we realize that while our resolutions to "go to the gym" have already failed, hackers’ resolutions to "break everything" are going strong. Fo...
CLEANSTART-2026-LA13761 vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device
Multiple security vulnerabilities affect the clamav package. A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. See references for individual vulnerability details...
Microsoft Office zero-day lets malicious documents slip past security checks
Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in the wild via malicious files. Microsoft pushed the emergency patch for the zero‑day, tracked as CVE-2026-21509, and classifie...
CVE-2025-65117
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...
CVE-2025-65117
The CVE-2025-65117 entry concerns AVEVA Process Optimization: an authenticated Process Optimization Designer User can embed OLE objects into graphics, potentially escalating privileges to a victim user after interaction with the graphics. Core details indicate local access with low attack complex...
CVE-2025-64402
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to...
CVE-2025-60714
Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally...
EUVD-2025-93416
Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally...
CVE-2025-60714 Windows OLE Remote Code Execution Vulnerability
...
Microsoft Windows Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows OLE. An attacker exploiting this vulnerability could execute code. The following products and editions are affected: Windows 10 Version...
PT-2025-46475
Name of the Vulnerable Software and Affected Versions: Windows OLE (affected versions not specified). Description: A heap-based buffer overflow exists in Windows OLE. This flaw could allow an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no information about a...
CLSA-2025-1756409595 clamav: Fix of 4 CVEs
Update to 1.4.3 LTS
- CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser
- CVE-2025-20234: Fixed a possible buffer overflow read bug in the UDF file parser
- CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser
- CVE-2024-20506: Changed...
UBUNTU-CVE-2024-54028
An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...
Catdoc Input Validation Error Vulnerability
Catdoc is a program by Pete Warden, an individual developer in the United States, that reads MS-Word files and prints them in readable form. A security vulnerability exists in Catdoc version 0.95, which stems from an integer overflow in the OLE document file allocation table parser, which could lead to he...
Exploit for Use After Free in Microsoft
CVE-2025-21298 content This is a proof-of-concept for CV...
January 7, 2025, update for PowerPoint 2016 (KB5002632)
This article describes update 5002632 for Microsoft PowerPoint 2016 that was released on January 7, 2025. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't...
PT-2024-6305 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server (affected versions not specified). Description: The issue is related to insufficient input validation in the OLE DB driver for SQL Server on Windows operating systems. This can be exploited by a remote attacker to disclose...