what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Secunia Security Advisory 39663

Secunia Security Advisory 39663
Posted May 11, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Visual Basic for Applications (VBA), which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
SHA-256 | b5b779f072d00763199410aee8291f8183a358fe895907d0dcb6e2df34ea64fe

Secunia Security Advisory 39663

Change Mirror Download
----------------------------------------------------------------------


Looking for a job?


Secunia is hiring skilled researchers and talented developers.


http://secunia.com/company/jobs/


----------------------------------------------------------------------

TITLE:
Visual Basic for Applications Single-Byte Stack Overwrite
Vulnerability

SECUNIA ADVISORY ID:
SA39663

VERIFY ADVISORY:
http://secunia.com/advisories/39663/

DESCRIPTION:
A vulnerability has been reported in Microsoft Visual Basic for
Applications (VBA), which can be exploited by malicious people to
potentially compromise a user's system.

The vulnerability is caused due to an error in VBE6.dll within some
text parsing code when searching for ActiveX controls in documents
supporting VBA (e.g. an Office document). This can be exploited to
convert a single byte with the value 0x2E outside the bounds of a
buffer to 0x00 via a specially crafted document with embedded ActiveX
controls passed to the VBA runtime.

SOLUTION:
Apply patches.

Microsoft Office XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=72c23b0f-4e24-4334-bc8a-334adc8bc42b

Microsoft Office 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=f8eac9bc-8389-4ac8-8b29-9a8180d9fd34

2007 Microsoft Office System SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=160ad53e-6475-4550-90c2-444e4abea730

Microsoft Visual Basic for Applications:
http://www.microsoft.com/downloads/details.aspx?familyid=436a8a66-352e-44d1-a610-c825083ad24a

Microsoft Visual Basic for Applications SDK:
An updated version is available for independent software vendors from
the Summit Software Company.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits NSFocus Security Team.

ORIGINAL ADVISORY:
MS10-031 (KB974945, KB976321, KB976380, KB976382, KB978213):
http://www.microsoft.com/technet/security/bulletin/ms10-031.mspx

OTHER REFERENCES:
VBE6 Single-Byte Stack Overwrite (blog):
http://blogs.technet.com/srd/archive/2010/05/11/ms10-031-vbe6-single-byte-stack-overwrite.aspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close