CVE-2025-21298: Windows OLE Remote Code Execution

9.8 CRITICAL
Published: 2025-01-14
Affected: Microsoft Windows (all supported versions)
CWE-416

Can Windows OLE be exploited via email?

CVE-2025-21298 is a critical use-after-free vulnerability in Windows OLE (Object Linking and Embedding). Attackers can execute arbitrary code by sending a specially crafted email or document. The vulnerability can be triggered through the Outlook preview pane: no user interaction is required beyond previewing the email.

Impact & Exploitation

Zero-click exploitation via Outlook preview. Affects all supported Windows versions. Enables complete system compromise through email delivery.

How Precogs AI Detects Windows OLE Remote Code Execution

Precogs AI Binary SAST detects use-after-free patterns in compiled Windows applications and OLE-dependent software, identifying vulnerable code paths in binary artifacts.

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.