CVE-2010-0815
Description
VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka VBE6.DLL Stack Memory Corruption Vulnerability.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
52.228
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Microsoft Office XP (KB976380) | Windows |
| Security Update for Microsoft Office 2003 (KB976382) | Windows |
| Security Update for the 2007 Microsoft Office System (KB976321) x86 based systems | Windows |
| Security Update for the 2007 Microsoft Office System (KB976321) x86 based systems for SP2 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-8483 | Security Update for the 2007 Microsoft Office System (KB976321) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234