Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

OLE vulnerability could allow remote code execution


Report ID: MS201309004
Date Published: 11 September 2013

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003




Summary

A vulnerability in the Object Linking and Embedding (OLE) could allow an attacker to execute code and take control of an affected system.



Detailed Description

Microsoft has released a security update to address a vulnerability in the Object Linking and Embedding (OLE) technology. The vulnerability was caused by incorrect handling of OLE objects in memory and could be exploited into allowing an attacker to execute arbitrary code on an affected system.

The vulnerability has been patched in the latest update which introduces modification in the way that OLE objects are handled in memory. Users are recommended to install the update to protect their system from exploit attempts.



CVE Reference

CVE-2013-3863



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-070)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.