MS KB3010060: Vulnerability in Microsoft OLE Could Allow Remote Code Execution (deprecated)
High Nessus Plugin ID 78627
SynopsisThe remote host is affected by a remote code execution vulnerability.
DescriptionThe remote host is missing one of the workarounds referenced in Microsoft Security Advisory 3010060.
The version of Microsoft Office installed on the remote host is affected by a remote code execution vulnerability due to a flaw in the OLE package manager. A remote attacker can exploit this vulnerability by convincing a user to open an Office file containing specially crafted OLE objects, resulting in execution of arbitrary code in the context of the current user.
SolutionApply the Microsoft Fix it solution 'OLE packager Shim Workaround' or deploy the Enhanced Mitigation Experience Toolkit (EMET) 5.0 and configure Attack Surface Reduction with the settings provided by Microsoft.