CVE-2010-0815

2010-05-1211:46:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-0815

vbe6.dll

microsoft office

remote code execution

crafted document

security vulnerability

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.922 High

EPSS

Percentile

98.9%

JSON

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka “VBE6.DLL Stack Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:visual_basic_sdkmicrosoft visual basic sdkeq6.3
microsoft:visual_basic_sdkmicrosoft visual basic sdkeq6.4
microsoft:visual_basic_for_applicationsmicrosoft visual basic for applicationseq*
microsoft:visual_basic_sdkmicrosoft visual basic sdkeq6.5
microsoft:officemicrosoft officeeqxp
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2003

CPE	Name	Operator	Version
microsoft:visual_basic_sdk	microsoft visual basic sdk	eq	6.3
microsoft:visual_basic_sdk	microsoft visual basic sdk	eq	6.4
microsoft:visual_basic_for_applications	microsoft visual basic for applications	eq	*
microsoft:visual_basic_sdk	microsoft visual basic sdk	eq	6.5
microsoft:office	microsoft office	eq	xp
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2003