VULNERABILITIES / FIXES - February 13, 2013
by Carol~ - 2/13/13 8:53 AM
Microsoft Windows OLE Automation File Parsing Vulnerability
Release Date : 2013-02-13
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch
Operating System: Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error within Object Linking and Embedding (OLE) Automation when parsing certain files, which can be exploited via e.g. a specially crafted RTF file.
Successful exploitation allows execution of arbitrary code.
Provided and/or discovered by:
The vendor credits an anonymous person via ZDI.