search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft OLE buffer overflow

Vulnerability Note VU#927889

Original Release Date: 2005-02-08 | Last Revised: 2005-02-08

Overview

A vulnerability in a way that various programs handle OLE objects could allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

Microsoft OLE is a technology that allows applications to create and edit compound documents. Compound documents are those consisting of one format, that contain embeddings of (or links to) documents of another format. A buffer overflow error occurs during the process that OLE uses to validate data. This error results in a vulnerability that could allow a remote attacker with the ability to supply a malicious OLE object to execute code of their choosing on a vulnerable system. Any application that uses the Windows OLE component could also be vulnerable to this issue and the attack vectors may vary between systems. Microsoft states that on Exchange Server 5.0, Exchange Server 5.5, Exchange 2000 Server, and Exchange Server 2003, any unauthenticated user who could deliver a specially crafted message to the affected system could try to exploit this vulnerability.

Furthermore, Microsoft states that on Windows 2000, Windows XP, and Windows Server 2003, user interaction is required to exploit this vulnerability. An attacker would need to persuade a user to open a file or an email message containing an attachment that contains a malicious OLE object.

Impact

A remote attacker could execute arbitrary code on a vulnerable system. The attacker-supplied code would be executed with the privileges of the component that exposes the vulnerability.

Solution

Apply a patch

Microsoft has published Microsoft Security Bulletin MS05-012 in response to this issue. Users are strongly encouraged to review this bulletin and apply the patches it refers to.

Vendor Information

927889
 
Affected   Unknown   Unaffected

Microsoft Corporation

Updated:  February 08, 2005

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft has published Microsoft Security Bulletin MS05-012 in response to this issue. Users are strongly encouraged to review this bulletin and apply the patches it refers to.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Thanks to Microsoft Security for reporting this vulnerability.

This document was written by Chad R Dougherty based upon information provided by Microsoft.

Other Information

CVE IDs: CVE-2005-0044
Severity Metric: 20.66
Date Public: 2005-02-08
Date First Published: 2005-02-08
Date Last Updated: 2005-02-08 23:59 UTC
Document Revision: 2

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.