What is CVE-2010-0815?

CVE-2010-0815 is a vulnerability in Microsoft Office, classified under Code Injection. Published 2010-05-12.

Is CVE-2010-0815 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Microsoft Office

CVE-2010-0815

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.522 (98.0th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office — versions xp, 2007, 2003
Microsoft Visual_basic_for_applications
Microsoft Visual_basic_sdk — versions 6.4, 6.5, 6.3
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

TA10-131A (US Government Resource, x_refsource_CERT, third-party-advisory)
MS10-031 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:7074 (x_refsource_OVAL, signature, vdb-entry)

Frequently asked questions

What is CVE-2010-0815?: CVE-2010-0815 is a vulnerability in Microsoft Office, classified under Code Injection. Published 2010-05-12.
Is CVE-2010-0815 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.