Known issues and additional information about this security update
For more information about this security update and for information about any known issues with specific releases of this software, click the following article numbers to view the articles in the Microsoft Knowledge Base:
976380 MS10-031: Description of the security update for Office XP: May 11, 2010
976382 MS10-031: Description of the security update for Office 2003: May 11, 2010
976321 MS10-031: Description of the security update for the 2007 Office system: May 11, 2010
974945 MS10-031: Description of the security update for Microsoft Visual Basic for Applications runtime: May 11, 2010
Frequently asked Questions
Q: This security update applies only to Microsoft software. How can I determine whether third-party applications have deployed an affected version of the Visual Basic for Applications runtime (VBE6.DLL) on my system?
A: Third-party applications that support VBA could deploy VBE6.DLL in a location that is not updated by this security update. In the case that you do have a third-party application that installed its own copy of VBE6.DLL, to help ensure that your system has improved protection from the vulnerability described in this bulletin, you should contact the developer or vendor responsible for support for the third-party application directly.
To create a list of copies of the vbe6.dll file on the hard disk, at an elevated command prompt, type the following commands and press ENTER after each command:
cd \ dir /a /s vbe6.dll >>c:\vbe6list.txt
Note If there are multiple partitions on the system, you may need to run these commands for each partition.
Security update replacement information
This security update replaces the following security updates:
921645 MS06-047: Vulnerability in Microsoft Visual Basic for Applications could allow remote code execution
947108 MS08-013: Vulnerability in Microsoft Office could allow remote code execution
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service dos