Microsoft Office Word OLE Object Code Execution Vulnerability

Microsoft Office is a popular office software suite developed by Microsoft. A code execution vulnerability exists in the Microsoft Office Word OLE object, which can be exploited by an attacker to obtain permission to remotely execute arbitrary code, covertly install a variety of malware, and infe...

PT-2017-2447 · Ruby · Ruby

Name of the Vulnerable Software and Affected Versions: Ruby affected versions not specified Description: The issue is related to type confusion in the WIN32OLE class of Ruby, specifically in the ole invoke and ole query interface methods. This occurs when an attacker passes a different type of...

CVE-2016-3375

The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to...

The vulnerability of the Windows operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability in Windows OLE allows for the execution of code remotely, provided that the user opens a file containing a specially crafted OLE object. Exploiting this vulnerability enables the attacker to gain privileges similar to those of an authorized user. If the accessing user has...

CVE-2016-3235

Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...

Microsoft Office OLE DLL End Load Vulnerability

Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A security vulnerability exists in Microsoft Office that originates from the program failing to properly...

Microsoft Windows OLE Remote Code Execution Vulnerability

Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. OLE Object Linking and Embedding is a technology that allows applications to share data and functionality. A remote code execution vulnerability exists in OLE for Microsoft Windows that originates fro...

CVE-2016-0153

OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability."...

Vulnerability of the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of the OLE component in the Windows operating system exists due to insufficient checking of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file...

Vulnerability of the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of the OLE component in the Windows operating system exists due to insufficient checking of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file...

Microsoft Windows OLE Memory Remote Code Execution Vulnerability

Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. OLE Object Linking and Embedding is a technology that allows applications to share data and functionality. A remote code execution vulnerability exists in Microsoft Windows OLE that can be exploited b...

CVE-2016-0091

OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution...

Microsoft Windows Server Elevation of Privilege Vulnerability (CNVD-2015-04659)

Microsoft Windows Server is a series of servers based on the windows operating system launched by the U.S. Microsoft Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows OLE due to the program failing to properly validate user input. An attacker could exploit this...

openoffice: Arbitrary file disclosure via crafted OLE objects

A flaw was found in the OLE Object Linking and Embedding generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution...

VulnCheck KEV: CVE-2014-4114

A vulnerability exists in Windows Object Linking & Embedding OLE that could allow remote code execution if a user opens a file that contains a specially crafted OLE object...

otrs -- Information disclosure and Data manipulation

The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that are not obliged to be seen. Furthermore, links to objects without permission can be placed and removed...

Microsoft Windows OLE Remote Code Execution Vulnerability (2624667)

This host is missing an important security update according to Microsoft Bulletin MS11-093. OpenVAS Vulnerability Test $Id: secpodms11-093.nasl 5362 2017-02-20 12:46:39Z cfi $ Microsoft Windows OLE Remote Code Execution Vulnerability 2624667 Authors: Sooraj KS Copyright: Copyright c 2011 SecPod,...

Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)

This host is missing a critical security update according to Microsoft Bulletin MS11-038. OpenVAS Vulnerability Test $Id: secpodms11-038.nasl 5362 2017-02-20 12:46:39Z cfi $ Microsoft Windows OLE Automation Remote Code Execution Vulnerability 2476490 Authors: Madhuri D Copyright: Copyright c 2011...

CVE-2009-2493

The Active Template Library ATL in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly...

Security Update for Windows Vista for x64-based Systems (KB943055)

A security issue has been identified that could allow an attacker to remotely compromise your Windows-based system using Object Linking and Embedding OLE Automation and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item,...