CVE-2014-6352

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1

Description The issue is related to errors in code generation management, allowing remote attackers to execute arbitrary code via a crafted OLE object. This has been exploited in the wild, for example, with a crafted PowerPoint document in October 2014. The vulnerability can be triggered when a user opens a specially crafted Microsoft Office file containing OLE objects, potentially giving an attacker the same user rights as the current user.

Recommendations For Microsoft Windows versions Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, consider avoiding the use of OLE objects in Microsoft Office files until a fix is available. As a temporary workaround, restrict access to specially crafted Microsoft Office files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.