Object Linking and Embedding (OLE), developed by Microsoft, allows users to embed and link to documents and other objects. However, a Remote-Command-Execution vulnerability was found in Microsoft Office that allows remote attackers to execute arbitrary code via a crafted email message processed by Outlook.

Microsoft Outlook has a sandbox bypass vulnerability which allows an attacker to bypass Outlook’s security layers and exploit Office’s OLE capabilities. A remote attacker can send a victim an e-mail containing a specially crafted attachment. This attachment may embed an OLE object that leverages a second vulnerability in other registered OLE software. The vulnerability was found by security researcher Haifei Li, who disclosed it to Microsoft. It was addressed in December 2015 Microsoft Security Bulletin MS15-131 (CVE-2015-6172).

Check Point released an IPS protection to help customers defend against such attacks until they can patch their Microsoft Office systems.

Check Point IPS Protection

Check Point protects its customers from attacks targeting this vulnerability with the following IPS protection, which was released on December 24, 2015:

 

References


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Please complete the equation to verify your submission. * Time limit is exhausted. Please reload the CAPTCHA.