0-day in Microsoft OLE Packager/PowerPoint

Wolfgang Kandek

Microsoft informed in security advisory 3010060 that they are aware of limited attacks against a new vulnerability in OLE packager. The vulnerability CVE-2014-6352 exists on all supported versions of Windows, except Windows 2003. The attack allows for remote code execution. As a temporary solution Microsoft has prepared a Fix-it in KB3010060. There are also instructions on how to configure EMET to block the attack.

OLE Packager was patched just this month in MS14-060. There a vulnerability (CVE-2014-4114) was also under limited attack through PowerPoint, and Microsoft credited iSIGHT Partners for the find. The new CVE-2014-6352 has security researchers from Google and McAfee in its credits section. McAfee has a blog post that details how they detected the additional weaknesses in OLE packager.

Stay tuned for more updates.

Share your Comments


Your email address will not be published.