The OLE packager component (packager.dll) of Microsoft Windows will automatically download remote files referenced in embedded OLE objects within Office documents. In the case of .INF installer files, packager.dll will automatically run them without prompting the user. This can be abused to gain arbitrary code execution by creating an Office document with an embedded OLE object containing a reference to a remote INF file with specially crafted commands. This vulnerability can be exploited by convincing an unsuspecting user to open a specially crafted PowerPoint document.
CVE Link
Exploit Platform
Exploit Type
Product Name