Signature Detail
Short Name |
HTTP:STC:DL:VBA-MEM-CORRUPT |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Visual Basic for Applications Stack Memory Corruption |
Release Date |
2010/05/11 |
Update Number |
1678 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Visual Basic for Applications Stack Memory Corruption
This signature detects attempts to exploit a known vulnerability in the Microsoft Visual Basic for Applications Library. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Extended Description
Microsoft Visual Basic for Applications (VBA) is prone to a remote stack-based buffer-overflow vulnerability because of an error related to searching for embedded ActiveX controls within a Microsoft Office document. An attacker could exploit this issue to corrupt stack memory and execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use VBA.
Affected Products
- IBM CATIA V5 Release 18
- IBM CATIA V5 Release 18
- IBM CATIA V5 Release 19
- Microsoft Office 2003 SP1
- Microsoft Office 2003 SP2
- Microsoft Office 2003 SP3
- Microsoft Office 2003
- Microsoft Office 2007 SP1
- Microsoft Office 2007 SP2
- Microsoft Office 2007
- Microsoft Office XP SP1
- Microsoft Office XP SP2
- Microsoft Office XP SP3
- Microsoft Office XP
- Microsoft Visual Basic for Applications
- Microsoft Visual Basic for Applications SDK 6.0
References
- BugTraq: 39931
- CVE: CVE-2010-0815
- URL: http://www.microsoft.com/technet/security/bulletin/ms10-031.mspx