HighIBM Security Server Protection for Windows, Proventia Network MFS, Proventia Network IDS, Proventia-G 1.1 and earlier, BlackICE Server Protection, BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network, Proventia Network IPS, Proventia Desktop, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This signature detects a specially-crafted file that can result in the execution of arbitrary code.
High
IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Network MFS: XPU 27.070, IBM Security Server Protection for Windows: 1.0.914.2080, Proventia Network IDS: XPU 27.070, Proventia-G 1.1 and earlier: XPU 27.070, BlackICE Server Protection: 3.6.cqn, BlackICE PC Protection: 3.6cqn, RealSecure Server Sensor: XPU 27.070, RealSecure Network: XPU 27.070, Proventia Network IPS: XPU 27.070, Proventia Desktop: 2080, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 27.070
Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: x64, Microsoft Windows XP: SP2, Microsoft Windows 2003 Server: SP1, Microsoft Windows XP: x64 Professional, Microsoft Windows 2003 Server: SP1 Itanium, Microsoft Office: 2004, Microsoft Windows Vista, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Visual Basic: 6.0 SP6
Unauthorized Access Attempt
An application is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS08-008
Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx
IBM Internet Security Systems X-Force Database
Microsoft Windows OLE script request buffer overflow
http://xforce.iss.net/xforce/xfdb/40043
Nortel BULLETIN ID: 2008008631, Rev 1
Nortel Response to Microsoft Security Bulletin MS08-008
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=691325
Microsoft Security Bulletin MS11-038
Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
http://www.microsoft.com/technet/security/bulletin/ms11-038.mspx
Microsoft Security Bulletin MS11-075
Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
http://www.microsoft.com/technet/security/bulletin/ms11-075.mspx
ISS X-Force
OLE stream buffer overflow
http://www.iss.net/security_center/static/33226.php
CVE
CVE-2007-0065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0065