vendor:
Microsoft Office
by:
Google Security Research
5.5
CVSS
MEDIUM
DLL Planting
426
CWE
Product Name: Microsoft Office
Affected Version From: Microsoft Office 2010
Affected Version To: Microsoft Office 2010
Patch Exists: NO
Related CWE:
CPE: a:microsoft:office:2010
Platforms Tested: Windows 7 x86
DLL Planting Attack in Microsoft Office 2010 on Windows 7 x86
It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object.
Mitigation:
Place the DLL file in a secure location and restrict access to it.