Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-0815 | First vendor Publication | 2010-05-12 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0815 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:7074 | |||
| Oval ID: | oval:org.mitre.oval:def:7074 | ||
| Title: | VBE6.DLL Stack Memory Corruption Vulnerability | ||
| Description: | VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0815 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Office 2000 Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Visual Basic for Applications |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 4 | |
| Application | 1 | |
| Application | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-05-13 | Name : Microsoft Visual Basic Remote Code Execution Vulnerability (978213) File : nvt/secpod_ms10-031.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 64529 | Microsoft Visual Basic for Applications VBE6.dll Single-Byte Stack Overwrite |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-09-12 | Microsoft VBE6.dll stack corruption attempt RuleID : 50959 - Revision : 1 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft VBE6.dll stack corruption attempt RuleID : 16593 - Revision : 16 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-05-11 | Name : Arbitrary code can be executed on the remote host through Visual Basic for Ap... File : smb_nt_ms10-031.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:08:36 |
|
| 2024-11-28 12:21:19 |
|
| 2021-05-04 12:11:12 |
|
| 2021-04-22 01:11:46 |
|
| 2020-05-23 00:25:23 |
|
| 2018-10-13 00:22:55 |
|
| 2017-09-19 09:23:40 |
|
| 2016-04-26 19:37:40 |
|
| 2014-02-17 10:54:10 |
|
| 2014-01-19 21:26:40 |
|
| 2013-05-10 23:19:32 |
|
