CVE-2010-0815

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Basic Sdk; Visual Basic For Applications
Vendor: CVE Published:; 12 May 2010

Summary

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."

References

http://www.us-cert.gov/cas/techalerts/TA10-131A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

74% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 12, 2010
Vulnerability Reserved
Mar 2, 2010

Collectors

NVD DatabaseMitre Database