CVE-2011-3400

Microsoft Windows XP <SP2-SP3 & Server 2003 <SP2 - RCE

Title source: llm

Description

Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/19002

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Luigi Auriemma, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms11_093_ole32.rb

View Code ZIP pw:eip

References (3)

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA11-347A.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14668

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-093

Scores

EPSS 0.8437

EPSS Percentile 99.3%

Details

CWE

CWE-94

Status published

Products (2)

microsoft/windows_server_2003

microsoft/windows_xp (2 CPE variants)

Published Dec 14, 2011

Tracked Since Feb 18, 2026