Release DateMay 12, 2010 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a stack-based memory-corruption vulnerability in Microsoft Windows.The vulnerability is caused by an error when VBE6.DLL is referenced by a malformed Office document. It may allow remote attackers to execute arbitrary code by sending a specially crafted Office document. |
Affected ProductsMicrosoft Office XP Service Pack 3Microsoft Office 2003 Service Pack 3 2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2 Microsoft Visual Basic for Applications Microsoft Visual Basic for Applications SDK |
Recommended ActionsRefer to the vendor's web site for the suggested workaround:http://www.microsoft.com/technet/security/Bulletin/ms10-031.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2010-0815 |
Reference/shttp://technet.microsoft.com/en-us/security/bulletin/MS10-031.mspx (MS-ID) |
