CVE-2011-3400

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2

Description A vulnerability exists in the handling of OLE objects in memory, allowing remote attackers to execute arbitrary code via a crafted object in a file. This could lead to remote code execution if a user opens a file containing a specially crafted OLE object. An attacker who successfully exploits this issue could gain the same user rights as the logged-on user. If the user is logged on with administrative rights, the attacker could take complete control of the system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows XP versions SP2 through SP3, update to a version that properly handles OLE objects in memory to prevent remote code execution. For Microsoft Windows Server 2003 version SP2, update to a version that properly handles OLE objects in memory to prevent remote code execution.