Microsoft Windows OLE Remote Code Execution Vulnerabilities

Last Update Date: 18 Nov 2014 Release Date: 12 Nov 2014 3204 Views

RISK: High Risk

TYPE: Operating Systems - Windows OS

Windows OLE Automation Array Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. This update addresses the vulnerability by modifying the way that the affected operating systems validate the use of memory when OLE objects are accessed, and by modifying the way that Internet Explorer handles objects in memory.
Windows OLE Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the context of the current user that is caused when a user downloads, or receives, and then opens a specially crafted Microsoft Office file that contains OLE objects. Microsoft first received information about this vulnerability through coordinated vulnerability disclosure. This vulnerability was first described in Microsoft Security Advisory 3010060. Microsoft is aware of limited attacks that attempt to exploit this vulnerability. This update addresses the vulnerability by modifying the way that the affected operating systems validate the use of memory when OLE objects are accessed.