Unrated severityNVD Advisory· Published May 12, 2010· Updated Apr 29, 2026

CVE-2010-0815

Description

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."

Affected products

Microsoft/Office4 versions
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
Microsoft/Visual Basic For Applications
cpe:2.3:a:microsoft:visual_basic_for_applications:*:*:*:*:*:*:*:*
Microsoft/Visual Basic Sdk3 versions
cpe:2.3:a:microsoft:visual_basic_sdk:6.3:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:visual_basic_sdk:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_basic_sdk:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_basic_sdk:6.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.042
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000