VU#158647: Microsoft Windows Object Linking and Embedding (OLE) OleAut32 library SafeArrayRedim function vulnerable to remote code execution via…
Vulnerability Note VU#158647
Microsoft Windows Object Linking and Embedding (OLE) OleAut32 library SafeArrayRedim function vulnerable to remote code execution via Internet Explorer
Original Release date: 13 Nov 2014 | Last revised: 13 Nov 2014
A vulnerability in Microsoft Windows OLE could allow remote code execution if a user views a specially-crafted web page in Internet Explorer.
The Microsoft Windows OLE OleAut32.dll library provides the SafeArrayRedim function that allows resizing of SAFEARRAY objects in memory. In certain circumstances, this library does not properly check sizes of arrays when an error occurs. The improper size allows an attacker to manipulate memory in a way that can bypass the Internet Explorer Enhanced Protected Mode (EPM) sandbox as well as the Enhanced Mitigation Experience Toolkit (EMET).
This vulnerability can be exploited using a specially-crafted web page utilizing VBscript in Internet Explorer, however it may impact other software that makes use of OleAut32.dll and VBscript.
More information is available in a blog post from IBM X-Force.
Arbitrary code can be run on the computer with user privileges. If the user is an administrator, the attacker may run arbitrary code as an administrator, fully compromising the system.
Apply an update
An update is available from Microsoft through its Windows Update service. Please see Microsoft Security Bulletin MS14-064.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||–||13 Nov 2014|
If you are a vendor and your product is affected, let
CVSS Metrics (Learn More)
Microsoft credits Robert Freeman of IBM X-Force.
This document was written by Garret Wassermann.
11 Nov 2014
Date First Published:
13 Nov 2014
Date Last Updated:
13 Nov 2014
If you have feedback, comments, or additional information about this vulnerability, please send us email.
The original article/video can be found at VU#158647: Microsoft Windows Object Linking and Embedding (OLE) OleAut32 library SafeArrayRedim function vulnerable to remote code execution via…