Critical Remote Code Execution Vulnerability Discovered in Microsoft OLE Automation
( Microsoft Security Bulletin MS13-020, CVE-2013-1313 )
A critical remote code execution vulnerability has been reported in Microsoft's OLE Automation subsystem in Windows that could allow an attacker to execute arbitrary code on a targeted system. The Check Point IPS Software Blade protects unpatched systems against this issue.
Object Linking and Embedding (OLE) Automation is a Windows protocol that allows an application to share data with or to control another application.
The vulnerability is due to an issue with the way that OLE Automation parses a specially crafted file. An attacker could entice a targeted user to visit a maliciously crafted web site, or alternatively could send the user a malicious RTF file via email. Successful exploitation could allow the attacker to take complete control of the targeted system with the rights and privileges of the user's security context.
This issue affects Windows XP Service Pack 3.
The security update described in MS13-020 should be applied to vulnerable systems as soon as is practical. In the meantime, the Check Point IPS Software Blade protects unpatched systems in the latest IPS update by detecting and blocking attempts to exploit the vulnerability. For more information, see CPAI-2013-382.
Last Updated: 21-Feb-2013