Intrusion PreventionMS.Windows.OLE32.DLL.Word.Document.DoS
Description
Microsoft OLE documents include summary information about the document, such as the line count. A memory corruption vulnerability exists in a library (ole32.dll) used by Windows to parse OLE document summary information. Note that Microsoft Windows can parse OLE document summary information without having Microsoft Office installed.
Public exploit code targeting Microsoft Windows Explorer is available for this vulnerability. The public exploit code uses specially crafted Office document to trigger the vulnerability in Microsoft Windows Explorer. However, any application that links to ole32.dll may also be affected.
Affected Products
Software that is linked to the ole32.dll versions that reside on Microsoft Windows 2000 SP4 FR and XP SP2 FR platforms are vulnerable; other versions might also be affected.
Impact
The complete impact of this vulnerability is not known. Memory corruption does occur, but it is not clear if this can be leveraged to execute arbitrary code. At a minimum, this vulnerability will cause a denial of service.
Recommended Actions
We are not aware of any official supplied fix for this issue. Please go to http://www.microsoft.com for suggested workaround.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 14354 |
| Created | Mar 15, 2007 |
| Updated | Dec 12, 2022 |
| Risk |
|
| CVE ID | CVE-2007-1347 |
| Exploit Prediction Score | 88.31% |
| Default Action | pass |
| Active | |
| Affected OS | Windows |
| Affected App | IE |