Reported February 8, 2005 by Microsoft

VERSIONS AFFECTED

  • Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Me and 98
  • Exchange Server 5.0 and 5.5
  • Exchange 2000 Server
  • Exchange Server 2003
  • Office XP
  • Office 2003

DESCRIPTION

A vulnerability in the way memory is accessed when processing COM-based storage files could allow a locally logged-on user to take complete control of the OS.

A vulnerability in the way OLE handles input validation could allow a remote intruder to execute code on a user's system. A successful exploit could allow the intruder to take complete control of the user's system.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS05-012, "Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)," and a patch to correct the problem.

CREDIT

Cesar Cerrudo of Application Security