Microsoft Windows OLE Remote Code Execution Vulnerability (2624667) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS11-093.

Impact

Successful exploitation could allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-093

Insight

The flaw is due to an error when handling certain properties of an Object Linking and Embedding (OLE) object and can be exploited via a specially crafted file containing an OLE object.

Affected

Microsoft Windows XP Service Pack 3 and prior Microsoft Windows 2003 Service Pack 2 and prior

References

http://support.microsoft.com/kb/2624667
http://technet.microsoft.com/en-us/security/bulletin/ms11-093
http://www.securitytracker.com/id/1026418
https://secunia.com/advisories/47207

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3400

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
Microsoft DirectShow Remote Code Execution Vulnerability (961373)
IE 5.01 5.5 6.0 Cumulative patch (890923)
Microsoft .NET Framework Multiple Vulnerabilities (2916607)
Cumulative Security Update for Internet Explorer (928090)

Take action and discover your vulnerabilities