Secunia

Cesar Cerrudo has reported two vulnerabilities in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system.

1) An unspecified error in the way memory is accessed when processing COM structured storage files allows malicious, local users to execute code with escalated privileges.

2) An unchecked buffer in the process that validates OLE data can be exploited to execute arbitrary code via messages containing maliciously crafted OLE objects.

The following operating systems and software is affected by one or both of the vulnerabilities:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 (Itanium)
Microsoft Exchange 2000 Server
Microsoft Exchange Server 2003
Microsoft Exchange Server 5.0
Microsoft Exchange Server 5.5
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Microsoft Office XP
Outlook 2002
Word 2002
Excel 2002
PowerPoint 2002
FrontPage 2002
Publisher 2002
Access 2002
Microsoft Office 2003
Outlook 2003
Word 2003
Excel 2003
PowerPoint 2003
FrontPage 2003
Publisher 2003
Access 2003
InfoPath 2003
OneNote 2003

NOTE: All software is vulnerable because it uses OLE from the underlying operating system.

Third party application may also be affected.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
Cesar Cerrudo, Application Security.

Changelog
Further details available in Customer Area

Original Advisory
MS05-012 (KB873333):
http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area