Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-031.
Impact
Successful exploitation will allow remote attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted document.
Impact Level: System/Apllication
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms10-031.mspx
Insight
The issue is caused by a stack memory corruption error in 'VBE6.DLL' when searching for ActiveX controls in a document that supports VBA.
Affected
Microsoft Office XP SP3 and prior.
Microsoft Office 2003 SP3 and prior.
Microsoft Visual Basic for Applications.
2007 Microsoft Office System SP2 and prior.
Microsoft Visual Basic for Applications SDK.
References
Severity
Classification
-
CVE CVE-2010-0815 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
- Cumulative Security Update for Internet Explorer (953838)
- Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
- Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)