MS KB3010060: Vulnerability in Microsoft OLE Could Allow Remote Code Execution (deprecated)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a remote code execution vulnerability.

Description :

The remote host is missing one of the workarounds referenced in
Microsoft Security Advisory 3010060.

The version of Microsoft Office installed on the remote host is
affected by a remote code execution vulnerability due to a flaw in the
OLE package manager. A remote attacker can exploit this vulnerability
by convincing a user to open an Office file containing specially
crafted OLE objects, resulting in execution of arbitrary code in the
context of the current user.

See also :

https://technet.microsoft.com/library/security/3010060

Solution :

Apply the Microsoft Fix it solution 'OLE packager Shim Workaround' or
deploy the Enhanced Mitigation Experience Toolkit (EMET) 5.0 and
configure Attack Surface Reduction with the settings provided by
Microsoft.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.8
(CVSS2#E:ND/RL:W/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 78627

Bugtraq ID: 70690

CVE ID: CVE-2014-6352
