Jump to content

Vulnerability in Microsoft OLE could allow remote code execution.


Recommended Posts


Microsoft Security Advisory 3010060

Microsoft security advisory: Vulnerability in Microsoft OLE could allow remote code execution: October 21, 2014
Fix it: Apply the OLE packager shim workaround
Fix it: Remove the OLE packager shim workaround

On Tuesday, Microsoft issued an advisory warning of a new Zero-Day vulnerability that impacts all supported versions of their Windows operating system except, Windows Server 2003. The software giant also confirmed targeted attacks looking to exploit this flaw.

The advisory says that attackers are using PowerPoint files, which contain a malicious Object Linking and Embedding (OLE) object, to trigger the vulnerability. OLE technology is used to share data between applications.

"The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,"

Link to post
Share on other sites

Thanks, @1PW.

I'll probably try it on my backup box first.


And I presume there will be a formal patch for this vulnerability eventually, perhaps with next month's Black Tuesday offerings.

(Alas, sometimes the user has to undo the Fixit before installing the formal patch. More work again next month. Sigh.)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.