Vulnerability Bulletins |
Ejecución remota de código en Visual Basic for Applications |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Office XP SP3 Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2 Visual Basic for Applications (VBA) VBA SDK 6.3 - 6.5 |
Description |
|
|
Se ha encontrado una vulnerabilidad Visual Basic for Applications. La vulnerabilidad reside en un error en "VBE6.DLL", a la hora de buscar controles ActiveX incrustados en documentos. Un un atacante remoto podrían ejecutar código arbitrario mediante la manipulación de un documento que produciría una corrupción de la memoria de pila. Este boletín sustituye al MS08-013 y MS06-047. |
|
Solution |
|
|
Actualización de software Microsoft (MS10-031) Microsoft Office XP Service Pack 3 / patch officexp-KB976380-FullFile-ENU Microsoft Office 2003 Service Pack 3 / patch office2003-KB976382-FullFile-ENU 2007 Microsoft Office System Service Pack 1 y 2 / patch office2007-kb976321-fullfile-x86-glb Microsoft Visual Basic for Applications / patch VBA65-KB974945-x86-ENU http://www.microsoft.com/downloads |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2010-0815 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin (MS10-031) http://www.microsoft.com/technet/security/bulletin/MS10-031.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2010-05-17 |