CVE-2010-0815

Name of the Vulnerable Software and Affected Versions Microsoft Office XP SP3 Microsoft Office 2003 SP3 2007 Microsoft Office System SP1 and SP2 Visual Basic for Applications (VBA) versions 6.3 through 6.5 VBA SDK versions 6.3 through 6.5

Description A remote code execution issue exists in the way that Microsoft Visual Basic for Applications searches for ActiveX controls. This could allow remote code execution if a host application opens and passes a specially crafted file to the Visual Basic for Applications runtime. If a user is logged on with administrative user rights, an attacker who successfully exploited this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Recommendations For Microsoft Office XP SP3, update to a newer version to mitigate the risk. For Microsoft Office 2003 SP3, update to a newer version to mitigate the risk. For 2007 Microsoft Office System SP1 and SP2, update to a newer version to mitigate the risk. For Visual Basic for Applications (VBA) versions 6.3 through 6.5, update to a version later than 6.5 to resolve the issue. For VBA SDK versions 6.3 through 6.5, update to a version later than 6.5 to resolve the issue.