CVE-2010-0815
Microsoft Visual Basic for Applications - Remote Code Execution via Crafted Document
Title source: llmDescription
VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
References (3)
Core 3
Core References
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-131A.html
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-031
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7074
Scores
EPSS
0.2236
EPSS Percentile
97.4%
Details
CWE
CWE-94
Status
published
Products (7)
microsoft/office
2003 sp3
microsoft/office
2007 sp1 (2 CPE variants)
microsoft/office
xp sp3
microsoft/visual_basic_for_applications
microsoft/visual_basic_sdk
6.3
microsoft/visual_basic_sdk
6.4
microsoft/visual_basic_sdk
6.5
Published
May 12, 2010
Tracked Since
Feb 18, 2026