Description: Cesar Cerrudo has reported two vulnerabilities in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system.
1) An unspecified error in the way memory is accessed when processing COM structured storage files allows malicious, local users to execute code with escalated privileges.
2) An unchecked buffer in the process that validates OLE data can be exploited to execute arbitrary code via messages containing maliciously crafted OLE objects.
The following operating systems and software is affected by one or both of the vulnerabilities:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 (Itanium)
Microsoft Exchange 2000 Server
Microsoft Exchange Server 2003
Microsoft Exchange Server 5.0
Microsoft Exchange Server 5.5
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Microsoft Office XP
Outlook 2002
Word 2002
Excel 2002
PowerPoint 2002
FrontPage 2002
Publisher 2002
Access 2002
Microsoft Office 2003
Outlook 2003
Word 2003
Excel 2003
PowerPoint 2003
FrontPage 2003
Publisher 2003
Access 2003
InfoPath 2003
OneNote 2003
NOTE: All software is vulnerable because it uses OLE from the underlying operating system.
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.