Microsoft Word is prone to a vulnerability that may allow execution of ehTrace.dll if this DLL is located in a specially named folder alongside the .DOC file. The attacker must entice a victim into opening a specially crafted .DOC file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Microsoft Windows is prone to a vulnerability that may allow the execution of an arbitrary attacker-specified executable file if this file is located in the same folder as a .THEME file. The attacker must entice a victim into opening a specially crafted .THEME file and then either going to the Screen Saver tab, or clicking Apply and waiting the default number of minutes without interaction while Display Properties remains open. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Microsoft Remote Desktop is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder as an .RDP file. The attacker must entice a victim into opening a specially crafted .RDP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
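A defensive check for the pattern shared by the three advisories above, as an added example that is not part of the original advisories: it walks a directory tree (for instance a share that users open files from) and reports folders where a .RDP or .THEME file sits beside a binary, plus any ehTrace.dll or dwmapi.dll found by name, since the page does not give the folder name used in the Word case. The function names, the binary extension list and the sample tree are assumptions made for this example.

```python
import os
import tempfile

# Assumptions for this example: lure extensions and DLL names come from the
# advisories above; the binary extension list is chosen here.
LURE_EXTS = {".rdp", ".theme"}
BINARY_EXTS = {".dll", ".exe", ".scr"}
PLANTED_DLL_NAMES = {"dwmapi.dll", "ehtrace.dll"}


def find_planting_candidates(root):
    """Return sorted (kind, folder, names) findings under root."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        lower = {f.lower(): f for f in files}  # Windows names are case-insensitive
        lures = sorted(f for k, f in lower.items() if os.path.splitext(k)[1] in LURE_EXTS)
        binaries = sorted(f for k, f in lower.items() if os.path.splitext(k)[1] in BINARY_EXTS)
        rel = os.path.relpath(folder, root)
        if lures and binaries:  # document and loadable binary in the same folder
            findings.append(("colocated", rel, tuple(lures + binaries)))
        named = sorted(f for k, f in lower.items() if k in PLANTED_DLL_NAMES)
        if named and not lures:  # known DLL name sitting in a content tree
            findings.append(("named-dll", rel, tuple(named)))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout: empty files, names only."""
    layout = ["clean/report.doc", "clean/notes.txt",
              "rdp/server.rdp", "rdp/dwmapi.dll",
              "theme/blue.theme", "theme/blue.scr",
              "docs/q3.doc", "docs/sub/ehTrace.dll"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_planting_candidates(root)


if __name__ == "__main__":
    for kind, folder, names in demo():
        print(f"{kind:10} {folder}: {', '.join(names)}")
```

A finding is a prompt for review rather than proof of an attack, since legitimate software folders also mix documents and binaries; the check is most useful on shares and download locations that should hold documents only.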
The OLE packager component (packager.dll) of Microsoft Windows will automatically download remote files referenced in embedded OLE objects within Office documents. In the case of .INF installer files, packager.dll will automatically run them without prompting the user. This can be abused to gain arbitrary code execution by creating an Office document with an embedded OLE object containing a reference to a remote INF file with specially crafted commands. This vulnerability can be exploited by convincing an unsuspecting user to open a specially crafted PowerPoint document.