Trend Micro Security

MS11-038:OLE オートメーションの脆弱性により、リモートでコードが実行される

  危険度: : 緊急
  CVE識別番号: CVE-2011-0658

  概要

A vulnerability in Microsoft Windows Object Linking and Embedding (OLE) could allow remote code execution if a user visits a site with a malicious Windows Metafile (WMF) image. An attacker would need to trick users into visiting such a malicious site through links in an email message or instant message. This critical security update corrects the way in which OLE Automation parses WMF files.

  トレンドマイクロの対策

詳しい情報については以下のサイトをご参照ください。
MS11-038:OLE オートメーションの脆弱性により、リモートでコードが実行される

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1004690
  Trend Micro Deep Security DPI Rule Name: OLE Automation Underflow Vulnerability

  影響を受けるソフトウェア

  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista Service Pack 1 and Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1