Microsoft OLE Remote Code Execution Vulnerability (CVE-2014-6352)

Microsoft OLE Remote Code Execution Vulnerability (CVE-2014-6352)

Release date:
Updated on:

Affected Systems:
Microsoft Windows Vista
Microsoft Windows Server 2012
Microsoft Windows Server 2008
Microsoft Windows RT
In Microsoft Windows 8.1
Microsoft Windows 8
Microsoft Windows 7
Description:
Bugtraq id: 70690
CVE (CAN) ID: CVE-2014-6352

OLE (Object link and embedding) is a technology that allows applications to share data and functions. UAC (User Account Control) is a new technology that Microsoft introduces in Windows Vista to improve system security.

Microsoft Windows has a security vulnerability in the implementation of OLE components. unauthenticated remote attackers can exploit this vulnerability to execute remote code. This vulnerability is caused by the failure to properly process Office files containing OLE objects.

<* Source: Microsoft
Drew Hintz
Jon Huntley
Matty Pellegrino
Haifei Li
Bing Sun

Link: https://technet.microsoft.com/library/security/3010060
*>

Suggestion:
Temporary solution:

If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:

* Apply the Microsoft Fix it solution "OLE packager Shim Workaround" to prevent this vulnerability.
* Do not open Microsoft PowerPoint files or other files from suspicious sources.
* Enable UAC.
* Deploy Enhanced Mitigation Experience Toolkit 5.0 and Configure Attack Surface rendering.

Vendor patch:

Microsoft
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://technet.microsoft.com/security/bulletin/

This article permanently updates the link address: