| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS10-030 | Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542) | 2007 Microsoft | Critical | 12-05-2010 |
Technical Information
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a host application opens and passes a specially crafted file to the Visual Basic for Applications runtime.
Detailed Information on the risk:
A remote code execution vulnerability exists in the way that Microsoft Visual Basic for Applications searches for ActiveX controls. This vulnerability could allow remote code execution if a host application opens and passes a specially crafted file to the Visual Basic for Applications runtime. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Further information on this exploit is available at : MS10-031
Affected Software
2007 Microsoft Office System Service Pack 12007 Microsoft Office System Service Pack 2
Microsoft Office 2003 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Visual Basic for Applications
Microsoft Visual Basic for Applications SDK