MS10-031: Vulnerability in Microsoft Visual Basic for Applications could allow remote code execution

INTRODUCTION

Microsoft has released security bulletin MS10-031. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update


Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

More Information

Known issues and additional information about this security update

For more information about this security update and for information about any known issues with specific releases of this software, click the following article numbers to view the articles in the Microsoft Knowledge Base:

976380 MS10-031: Description of the security update for Office XP: May 11, 2010

976382 MS10-031: Description of the security update for Office 2003: May 11, 2010

976321 MS10-031: Description of the security update for the 2007 Office system: May 11, 2010

974945 MS10-031: Description of the security update for Microsoft Visual Basic for Applications runtime: May 11, 2010

Frequently asked Questions

Q: This security update applies only to Microsoft software. How can I determine whether third-party applications have deployed an affected version of the Visual Basic for Applications runtime (VBE6.DLL) on my system?



A: Third-party applications that support VBA could deploy VBE6.DLL in a location that is not updated by this security update. In the case that you do have a third-party application that installed its own copy of VBE6.DLL, to help ensure that your system has improved protection from the vulnerability described in this bulletin, you should contact the developer or vendor responsible for support for the third-party application directly.



To create a list of copies of the vbe6.dll file on the hard disk, at an elevated command prompt, type the following commands and press ENTER after each command:
cd \

dir /a /s vbe6.dll >>c:\vbe6list.txt
Note If there are multiple partitions on the system, you may need to run these commands for each partition.

Security update replacement information

This security update replaces the following security updates:
921645 MS06-047: Vulnerability in Microsoft Visual Basic for Applications could allow remote code execution

947108 MS08-013: Vulnerability in Microsoft Office could allow remote code execution

Properties

Article ID: 978213 - Last Review: May 8, 2012 - Revision: 1

Feedback