About Remote Code Execution – Windows OLE (CVE-2025-21298) vulnerability. The vulnerability is from the January Microsoft Patch Tuesday. OLE (Object Linking and Embedding) is a technology for linking and embedding objects into other documents and objects, developed by Microsoft. A common use of this technology is embedding an Excel table in a Word document.
What is this vulnerability about? The attacker’s code executes when a specially crafted RTF document is opened or when a malicious email is opened or previewed in Microsoft Outlook. In the second case, no action is required from the victim other than clicking on the message. 🤷♂️ Microsoft recommends viewing messages in Outlook only in plain text.
On January 20, an exploit PoC appeared on GitHub that demonstrates Memory Corruption when opening an RTF document. Now we are waiting for an RCE exploit for Outlook. 😉
There have been no reports of attacks yet.
Fix this vulnerability ASAP!
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.