Microsoft VBE6 DLL File Stack Memory Corruption Vulnerability
Date Discovered: 05/12/2010
Severity: High
Operating Systems Affected:
Microsoft Office XP SP3
Microsoft Office 2003 SP3
Application Affected:
2007 Microsoft Office System SP1
2007 Microsoft Office System SP2
Microsoft Visual Basic for Applications
Microsoft Visual Basic for Applications SDK
Identifiers: CVE-2010-0815
Synopsis
A remote code execution vulnerability exists in Microsoft Visual Basic
for Applications. An attacker who successfully exploits this
vulnerability could take complete control of an affected system.
Microsoft VBA is a development technology for developing client desktop
packaged applications and integrating them with existing data and
systems. Microsoft VBA is based on the Microsoft Visual Basic
development system. Microsoft Office products include VBA and make use
of VBA to perform certain functions. VBA can also be used to build
customized applications based around an existing host application.
A remote code execution vulnerability was recently found in VBA. An
attacker who successfully exploits it could take complete control of an
affected system.
The vulnerability is caused by the way Visual Basic for Applications
searches for ActiveX controls in a document that supports VBA. As a
result, it is possible for a host application, such as Microsoft Office
or a third-party application developed for Visual Basic
programmability, to pass a specially crafted document with embedded
ActiveX controls to the VBA runtime creating a condition that could
allow arbitrary code to be run.
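
The precondition described above (a VBA-capable document that also embeds ActiveX controls) can be used to triage incoming files. The following is an added example, not part of the advisory or any Microsoft tooling; it assumes the standard Open XML part names (`vbaProject.bin`, an `activeX/` folder), only flags legacy binary files for deeper inspection, and does not detect the exploit itself. The function names and sample files are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy binary .doc/.xls/.ppt


def triage_document(data: bytes) -> dict:
    """Report whether a document carries a VBA project and ActiveX parts."""
    result = {"container": "unknown", "vba": False, "activex": [], "review": False}
    if data.startswith(OLE_MAGIC):
        # Binary format: streams need an OLE parser, so queue it for review.
        result.update(container="ole2", review=True)
        return result
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    result["container"] = "ooxml" if "[Content_Types].xml" in names else "zip"
    for name in names:
        lower = name.lower()
        if lower.endswith("vbaproject.bin"):
            result["vba"] = True
        elif "/activex/" in lower and not lower.endswith(".rels"):
            result["activex"].append(name)
    # Precondition from the advisory: VBA-capable document with embedded controls.
    result["review"] = result["vba"] and bool(result["activex"])
    return result


def build_sample(parts) -> bytes:
    """Build a constructed archive containing only the given part names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for part in parts:
            zf.writestr(part, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    base = ["[Content_Types].xml", "word/document.xml"]
    controls = ["word/activeX/activeX1.xml", "word/activeX/activeX1.bin"]
    samples = {
        "plain.docx": build_sample(base),
        "macro_with_controls.docm": build_sample(base + ["word/vbaProject.bin"] + controls),
        "legacy.doc": OLE_MAGIC + b"\x00" * 504,
    }
    for label, blob in samples.items():
        print(label, triage_document(blob))
```

A `review` result of `True` means only that the file matches the precondition and should be opened on a patched system or inspected further.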