A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke OLE automation through a web browser. However, an attacker would have to entice a user to visit such a website. The update addresses the vulnerability by correcting how OLE automation handles objects in memory.
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center