Vulnerability ID: VU#927889 Title: Microsoft OLE buffer overflow Original Release Date: 2005-02-08 Last Revised: 2005-02-08 Description: - A buffer overflow error in Microsoft OLE can allow remote attackers to execute arbitrary code on vulnerable systems. - Vulnerable systems include Windows OLE component-based applications. - Specific attack vectors and affected programs vary between systems. Impact: - Remote attackers can execute arbitrary code on vulnerable systems. - Attack requires user interaction on Windows 2000, Windows XP, and Windows Server 2003. Solution: - Apply the patch published in Microsoft Security Bulletin MS05-012. CVSS Metrics: - Severity Metric: 20.66 References: - http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx Acknowledgments: - Microsoft Security reported the vulnerability.