1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS OLE Automation SubstringData BO

HTTP MS OLE Automation SubstringData BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability in OLE Automation.

Additional Information

There is a remote code execution vulnerability in OLE Automation that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could exploit the vulnerability by creating a specially crafted memory request that could potentially allow remote code execution if a user visited a specially crafted Web site or viewed a specially crafted e-mail message.

A bug exists in the SysAllocStringLen() API that is called by IE when working with DOM objects. An attacker could cause a heap buffer to be under-allocated using this bug and subsequently overrun a heap buffer to run code of her choice in the context of the currently logged on user in Internet Explorer.

Affected

  • Windows

Response

Ensure that all security updates and patches from Microsoft have been applied.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube