1 results (0.011 seconds)

CVSS: 9.3EPSS: 80%CPEs: 8EXPL: 0

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability." VBE6.DLL en Microsoft Office XP SP3, Office 2003 SP3, Microsoft Office System 2007 SP1 y SP2, Visual Basic para Aplicaciones (VBA), y VBA SDK v6.3 a v6.5 no buscan correctamente los controles ActiveX que se incrustan en los documentos, lo que permite a atacantes remotos ejecutar código arbitrario mediante un documento debidamente modificado. Esta vulnerabilidad también es conocida como "Vulnerabilidad de corrupción de la pila de memoria en VBE6.DLL". • http://www.us-cert.gov/cas/techalerts/TA10-131A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7074 • CWE-94: Improper Control of Generation of Code ('Code Injection') •