we track for your security since 1999

vulnerabilities

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability alert CVE-2010-0815

Microsoft Office: code execution via Visual Basic for Applications

Synthesis of the vulnerability

An attacker can invite the victim to open an Office document containing VB code and an ActiveX, in order to execute code on his computer.
Impacted products: Office, Access, Excel, Microsoft FrontPage, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.
Severity: 3/4.
Creation date: 11/05/2010.
Identifiers: 978213, BID-39931, CERTA-2010-AVI-206, CVE-2010-0815, MS10-031, VIGILANCE-VUL-9636.

Description of the vulnerability

An Office document can contain VB code, which is interpreted by Visual Basic for Applications, managed by the VBE6.DLL library.

Visual Basic for Applications does not correctly manage the loading order of ActiveX. An Office document can thus contain a malicious ActiveX, and a VB code loading this ActiveX, and corrupting one byte in the memory.

An attacker can therefore invite the victim to open an Office document containing VB code and an ActiveX, in order to execute code on his computer.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability workaround. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.