Check Point Threat Alert: Outlook OLE Vulnerability

Object Linking and Embedding (OLE), developed by Microsoft, allows users to embed and link to documents and other objects. However, a remote command execution vulnerability was found in Microsoft Office that allows remote attackers to execute arbitrary code via a crafted email message processed by Outlook.

Microsoft Outlook has a sandbox bypass vulnerability that allows an attacker to bypass Outlook’s security layers and exploit Office’s OLE capabilities. A remote attacker can send a victim an email containing a specially crafted attachment. This attachment may embed an OLE object that leverages a second vulnerability in other registered OLE software. The vulnerability was found by security researcher Haifei Li, who disclosed it to Microsoft. It was addressed in the December 2015 Microsoft Security Bulletin MS15-131 (CVE-2015-6172).

Check Point released an IPS protection to help customers defend against such attacks until they can patch their Microsoft Office systems.

Check Point IPS Protection

Check Point protects its customers from attacks targeting this vulnerability with the following IPS protection, which was released on December 24, 2015: