Type Confusion exists in two methods of Ruby’s WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution. References: http://www.talosintelligence.com/reports/TALOS-2016-0029/
Statement: This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux or Red Hat Software Collections as they did not include support for OLE.