Reported February 8, 2005 by Microsoft
A vulnerability in the way memory is accessed when processing COM-based storage files could allow the locally logged on user to take complete control of the OS.
A vulnerability in the way OLE processes input validation could allow a remote intruder to execute code on a user's system. A successful exploit could allow the intruder to take complete control of the user's system.
Microsoft has released
Security Bulletin MS05-012, "Vulnerability
in OLE and COM Could Allow Remote Code Execution (873333),"
and a patch to correct the problem.
Cesar Cerrudo of Application Security