3010060 - Vulnerability in Microsoft OLE Could Allow Remote Code Execution - Version: 1.0

Discussion in 'Security Alerts' started by News, Oct 21, 2014.

  1. News

    News Extraordinary Robot
    News Feed

    Joined:
    Jun 27, 2006
    Messages:
    26,216
    Likes Received:
    20
    Revision Note: V1.0 (October 21, 2014): Advisory published.
    Summary: Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The attack requires user interaction to succeed on Windows clients with a default configuration, as User Account Control (UAC) is enabled and a consent prompt is displayed.

    Continue reading...
     

Share This Page

Loading...