CVE-2010-0815

Microsoft Visual Basic for Applications - Remote Code Execution via Crafted Document

Title source: llm
STIX 2.1

Description

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-131A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7074

Scores

EPSS 0.2236
EPSS Percentile 97.4%

Details

CWE
CWE-94
Status published
Products (7)
microsoft/office 2003 sp3
microsoft/office 2007 sp1 (2 CPE variants)
microsoft/office xp sp3
microsoft/visual_basic_for_applications
microsoft/visual_basic_sdk 6.3
microsoft/visual_basic_sdk 6.4
microsoft/visual_basic_sdk 6.5
Published May 12, 2010
Tracked Since Feb 18, 2026