CVE-2010-0815

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.us-cert.gov/cas/techalerts/TA10-131A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7074

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:visual_basic_for_applications::::::::
	cpe:2.3:a:microsoft:visual_basic_sdk:6.3:::::::*
	cpe:2.3:a:microsoft:visual_basic_sdk:6.4:::::::*
	cpe:2.3:a:microsoft:visual_basic_sdk:6.5:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:microsoft:office:2003:sp3::::::
	cpe:2.3:a:microsoft:office:2007:sp1::::::
	cpe:2.3:a:microsoft:office:2007:sp2::::::
	cpe:2.3:a:microsoft:office:xp:sp3::::::

History

No history.

Information

Published : 2010-05-12 11:46

Updated : 2024-02-04 17:54

NVD link : CVE-2010-0815

Mitre link : CVE-2010-0815

CVE.ORG link : CVE-2010-0815

JSON object : View

Products Affected

microsoft

visual_basic_sdk
office
visual_basic_for_applications

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2010-0815", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-05-12T11:46:50.970", "references": [{"url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-031", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7074", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka \"VBE6.DLL Stack Memory Corruption Vulnerability.\""}, {"lang": "es", "value": "VBE6.DLL en Microsoft Office XP SP3, Office 2003 SP3, Microsoft Office System 2007 SP1 y SP2, Visual Basic para Aplicaciones (VBA), y VBA SDK v6.3 a v6.5 no buscan correctamente los controles ActiveX que se incrustan en los documentos, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un documento debidamente modificado. Esta vulnerabilidad tambi\u00e9n es conocida como \"Vulnerabilidad de corrupci\u00f3n de la pila de memoria en VBE6.DLL\"."}], "lastModified": "2018-10-12T21:57:13.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:visual_basic_for_applications:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "390665EF-39A5-4FB7-93D1-CC5D3DEDEB93"}, {"criteria": "cpe:2.3:a:microsoft:visual_basic_sdk:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B90E100B-FFA9-4B31-8ABE-D38DC11B72D7"}, {"criteria": "cpe:2.3:a:microsoft:visual_basic_sdk:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E66BFF4-84EE-4DB5-A91C-775A9524825D"}, {"criteria": "cpe:2.3:a:microsoft:visual_basic_sdk:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C112867-E1CA-4484-A6A1-EDEB36867F1D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E"}, {"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D"}, {"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA"}, {"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}