1. Home
  2. CVE Database
  3. CVE-2010-0815
HIGH · 9.3

CVE-2010-0815

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX co...

Vulnerability Description

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftVisual Basic For ApplicationsAll versions
MicrosoftVisual Basic Sdk6.3
MicrosoftOffice2003

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2010-0815?

CVE-2010-0815 is a vulnerability with a CVSS score of 9.3 (HIGH). VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX co...

How severe is CVE-2010-0815?

CVE-2010-0815 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-0815?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Visual Basic For Applications, Microsoft Visual Basic Sdk, Microsoft Office.