----------------------------------------------------------------------


Looking for a job?


Secunia is hiring skilled researchers and talented developers.


http://secunia.com/company/jobs/


----------------------------------------------------------------------

TITLE:
Visual Basic for Applications Single-Byte Stack Overwrite
Vulnerability

SECUNIA ADVISORY ID:
SA39663

VERIFY ADVISORY:
http://secunia.com/advisories/39663/

DESCRIPTION:
A vulnerability has been reported in Microsoft Visual Basic for
Applications (VBA), which can be exploited by malicious people to
potentially compromise a user's system.

The vulnerability is caused due to an error in VBE6.dll within some
text parsing code when searching for ActiveX controls in documents
supporting VBA (e.g. an Office document). This can be exploited to
convert a single byte with the value 0x2E outside the bounds of a
buffer to 0x00 via a specially crafted document with embedded ActiveX
controls passed to the VBA runtime.

SOLUTION:
Apply patches.

Microsoft Office XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=72c23b0f-4e24-4334-bc8a-334adc8bc42b

Microsoft Office 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=f8eac9bc-8389-4ac8-8b29-9a8180d9fd34

2007 Microsoft Office System SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=160ad53e-6475-4550-90c2-444e4abea730

Microsoft Visual Basic for Applications:
http://www.microsoft.com/downloads/details.aspx?familyid=436a8a66-352e-44d1-a610-c825083ad24a

Microsoft Visual Basic for Applications SDK:
An updated version is available for independent software vendors from
the Summit Software Company.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits NSFocus Security Team.

ORIGINAL ADVISORY:
MS10-031 (KB974945, KB976321, KB976380, KB976382, KB978213):
http://www.microsoft.com/technet/security/bulletin/ms10-031.mspx

OTHER REFERENCES:
VBE6 Single-Byte Stack Overwrite (blog):
http://blogs.technet.com/srd/archive/2010/05/11/ms10-031-vbe6-single-byte-stack-overwrite.aspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------