Memory Corruption in Microsoft Office Products Due to ActiveX Control Search Flaw
CVE-2010-0815

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Basic Sdk; Visual Basic For Applications
Vendor: CVE Published:; 12 May 2010

Summary

The VBE6.DLL component in several versions of Microsoft Office fails to adequately search for ActiveX controls embedded in documents. This vulnerability can be exploited by remote attackers who craft specific documents, leading to the execution of arbitrary code on the target system when the document is opened. This poses serious security risks as it allows attackers to potentially compromise systems and access sensitive information.

References

http://www.us-cert.gov/cas/techalerts/TA10-131A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 12, 2010
Vulnerability Reserved
Mar 2, 2010