OLE vulnerability could allow remote code execution
Report ID: MS201309004
Date Published: 11 September 2013
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Windows XP
Windows Server 2003
Summary
A vulnerability in the Object Linking and Embedding (OLE) could allow an attacker to execute code and take control of an affected system.
Detailed Description
Microsoft has released a security update to address a vulnerability in the Object Linking and Embedding (OLE) technology. The vulnerability was caused by incorrect handling of OLE objects in memory and could be exploited into allowing an attacker to execute arbitrary code on an affected system.
The vulnerability has been patched in the latest update which introduces modification in the way that OLE objects are handled in memory. Users are recommended to install the update to protect their system from exploit attempts.
CVE Reference
CVE-2013-3863
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-070)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
