CVE-2025-21298: Critical Zero-Click Vulnerability in Windows OLE
Overview On January 14, 2025, Microsoft disclosed CVE-2025-21298, a critical vulnerability affecting Windows OLE technology. Assigned a CVSS score of 9.8, this zero-click vulnerability enables attackers to execute arbitrary code on a victim’s system without user interaction, simply through email preview. Vulnerability Details CVE ID: CVE-2025-21298 Description: The vulnerability resides in the UtOlePresStmToContentsStm function within the ole32.dll library. This function is responsible for converting data in an “OlePres” stream into the appropriate format and inserting it into the “CONTENTS” stream within an OLE storage....