VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-0815

visual_basic_for_applications, visual_basic_sdk, office: VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0815

Original

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-05-12

Source Information Category:

Advisory, Alert

Last Updated:

2010-05-12

Affected Product Tags

cpe:/a:microsoft:office:2003:sp3

cpe:/a:microsoft:office:2007:sp1

cpe:/a:microsoft:office:2007:sp2

cpe:/a:microsoft:office:xp:sp3

cpe:/a:microsoft:visual_basic_for_applications

cpe:/a:microsoft:visual_basic_sdk:6.3

cpe:/a:microsoft:visual_basic_sdk:6.4

cpe:/a:microsoft:visual_basic_sdk:6.5

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

MS MS10-031

Vulnerability Type Code Injection (CWE-94)