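Related vulnerability
Title:
Microsoft OLE resource management error vulnerability
(CVE-2025-21298)
Description: Microsoft OLE is an object-oriented technology from Microsoft, a US company. Microsoft OLE contains a resource management error vulnerability. An attacker can exploit this vulnerability to execute code remotely. The following products and versions are affected: Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 10 Version 21H2 for 32-bit Systems, Wi
Description
Complete analysis of CVE-2025-21298, a double free vulnerability related to the ole32 library in Windows.
Introduction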
# Review of the CVE-2025-21298 vulnerability
CVE-2025-21298 is a critical vulnerability in the OLE (Object Linking and Embedding) technology used in Microsoft Windows.
It specifically affects the UtOlePresStmToContentsStm function in the ole32.dll library. This function is responsible for converting an OLE "presentation stream" into a "content stream" inside OLE storage.
The vulnerability can be triggered when a user opens a malicious RTF file in a Microsoft product. Due to poor memory management, an attacker can exploit this flaw to run their own code on the system.
This is a "Use After Free" vulnerability, classified as CWE-416. That means the program tries to use memory that has already been freed, which can lead to unexpected behavior or let the attacker run malicious code (shellcode) on the system.
File snapshot
[4.0K] /data/pocs/8accca0285e5570bf5429c5aca3cde942037bf23
├── [6.8M] cve_2025_21298_poc.pdf
└── [ 818] README.md
0 directories, 2 files