<< Back
CVE Number Vulnerability Product Severity Date
MS10-030 Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542) 2007 Microsoft Critical 12-05-2010

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a host application opens and passes a specially crafted file to the Visual Basic for Applications runtime.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that Microsoft Visual Basic for Applications searches for ActiveX controls. This vulnerability could allow remote code execution if a host application opens and passes a specially crafted file to the Visual Basic for Applications runtime. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Further information on this exploit is available at : MS10-031

Affected Software

2007 Microsoft Office System Service Pack 1
2007 Microsoft Office System Service Pack 2
Microsoft Office 2003 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Visual Basic for Applications
Microsoft Visual Basic for Applications SDK