CERT-In Vulnerability Note CIVN-2010-140
Stack Memory Corruption vulnerability in Microsoft Visual Basic for Applications

Original Issue Date: May 12, 2010

Severity Rating: High

System Affected

  • Microsoft Office XP SP 3
  • Microsoft Office 2003 SP 3
  • Microsoft Office 2007 SP1 & SP2
  • Microsoft Visual Basic for Applications
  • Microsoft Visual Basic for Applications SDK

Overview

A one-byte stack overwrite vulnerability has been reported in Microsoft Visual Basic for Applications (VBA) that could allow a remote attacker to execute arbitrary code.

Description

This vulnerability is due to a stack memory corruption error in "VBE6.DLL" when searching for ActiveX controls in a document that supports VBA.

A remote attacker can exploit this vulnerability by passing a specially crafted document (a Word document, Excel spreadsheet, or PowerPoint presentation) with embedded ActiveX controls to VBA. Successful exploitation allows the attacker to execute arbitrary code on a vulnerable system.

Note: This bulletin replaces MS08-013

Workarounds

  • Disable ActiveX controls in the 2007 Microsoft Office System
  • Restrict access to VBE6.dll
  • Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources
  • Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.
  • Configure less-privileged accounts for normal users
  • Use caution when opening attachments and accepting file transfers and following links.

For detailed steps and the impact of the workarounds, refer to Microsoft Security Bulletin MS10-031.
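The File Block workaround above targets legacy binary Office files, which are OLE2 compound documents, the same container the crafted Word, Excel and PowerPoint documents in the description use. The following Python is an added example for this note, not CERT-In's or Microsoft's tooling: a triage check of the kind a mail gateway or file-share scanner could apply, which parses an OLE2 container's directory and reports whether the file is a legacy binary document and whether it carries a VBA project storage. The sample containers are constructed in the script (no real documents). The storage names Macros, _VBA_PROJECT_CUR and VBA are the conventional root-level VBA project storages of binary Word, Excel and PowerPoint files; scanning only the root directory is a simplification, since real files can nest the project deeper.

```python
"""Triage helper: flag legacy binary Office files (OLE2 compound documents)
and report whether a VBA project storage is present at the root.
Added example for CIVN-2010-140; not CERT-In's or Microsoft's code."""
import struct

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ENDOFCHAIN = 0xFFFFFFFE
FATSECT = 0xFFFFFFFD
FREESECT = 0xFFFFFFFF  # also the NOSTREAM value for directory links
# Root-level storage names that hold a VBA project (assumption: root only).
VBA_STORAGES = {"Macros", "_VBA_PROJECT_CUR", "VBA"}


def _dir_entry(name, etype):
    """Build one 128-byte OLE directory entry (name and type; tree links unused)."""
    raw = name.encode("utf-16-le") + b"\x00\x00"
    return struct.pack("<64sHBB3I16sI8s8sIQ", raw.ljust(64, b"\x00"), len(raw),
                       etype, 1, FREESECT, FREESECT, FREESECT, b"\x00" * 16,
                       0, b"\x00" * 8, b"\x00" * 8, 0, 0)


def build_sample_ole(entries):
    """Construct a minimal 3-sector OLE2 file (header, FAT, directory) whose
    root holds the given (name, type) entries: type 1 = storage, 2 = stream.
    Constructed test data, not a real document."""
    directory = _dir_entry("Root Entry", 5) + b"".join(_dir_entry(n, t) for n, t in entries)
    assert len(directory) <= 512, "sample builder supports one directory sector"
    directory = directory.ljust(512, b"\x00")
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))
    difat = struct.pack("<109I", 0, *([FREESECT] * 108))  # FAT lives in sector 0
    header = OLE_MAGIC + b"\x00" * 16 + struct.pack(
        "<5H6s9I", 0x3E, 3, 0xFFFE, 9, 6, b"\x00" * 6,
        0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0) + difat
    return header + fat + directory


def ole_directory_names(data):
    """Parse the OLE2 header, FAT and directory chain; return (name, type)
    pairs, or None if the data is not an OLE2 compound document."""
    if len(data) < 512 or not data.startswith(OLE_MAGIC):
        return None
    sector_shift, = struct.unpack_from("<H", data, 30)
    ssz = 1 << sector_shift
    num_fat, first_dir = struct.unpack_from("<II", data, 44)
    difat = struct.unpack_from("<109I", data, 76)
    # Read the FAT from the sectors listed in the header DIFAT (small files).
    fat = []
    for sec in difat[:num_fat]:
        fat.extend(struct.unpack_from("<%dI" % (ssz // 4), data, (sec + 1) * ssz))
    # Walk the directory sector chain and split each sector into 128-byte entries.
    names, sec, seen = [], first_dir, set()
    while sec != ENDOFCHAIN and sec < len(fat) and sec not in seen:
        seen.add(sec)  # guard against a looping FAT chain in a malformed file
        off = (sec + 1) * ssz
        for i in range(ssz // 128):
            e = data[off + i * 128: off + (i + 1) * 128]
            nlen, etype = struct.unpack_from("<HB", e, 64)
            if etype == 0 or nlen < 2:
                continue  # unused entry
            names.append((e[:nlen - 2].decode("utf-16-le"), etype))
        sec = fat[sec]
    return names


def triage(data):
    """Classify a file the way the File Block workaround would: legacy binary
    Office container or not, plus whether a VBA project storage is present."""
    names = ole_directory_names(data)
    if names is None:
        return {"legacy_binary": False, "has_vba": False, "storages": []}
    storages = [n for n, t in names if t == 1]
    return {"legacy_binary": True,
            "has_vba": any(s in VBA_STORAGES for s in storages),
            "storages": storages}


if __name__ == "__main__":
    samples = {
        "word_with_vba.doc": build_sample_ole([("WordDocument", 2), ("Macros", 1)]),
        "plain_workbook.xls": build_sample_ole([("Workbook", 2)]),
        "modern.docx": b"PK\x03\x04" + b"\x00" * 600,  # constructed OOXML-style header
    }
    for fname, blob in samples.items():
        print(fname, triage(blob))
```

A file reported as legacy_binary is exactly what the File Block policy would refuse to open; has_vba narrows the set to documents that can reach the VBA runtime at all, which is useful for prioritising quarantine review before the MS10-031 update is deployed.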

Solution

Apply the appropriate updates as described in Microsoft Security Bulletin MS10-031.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS10-031.mspx

References

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS10-031.mspx
http://blogs.technet.com/srd/archive/2010/05/11/ms10-031-vbe6-single-byte-stack-overwrite.aspx

VUPEN
http://www.vupen.com/english/advisories/2010/1121

CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=20428

SecurityTracker
http://securitytracker.com/alerts/2010/May/1023974.html

Secunia
http://secunia.com/advisories/39663

CVE Name
CVE-2010-0815

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003