ID: 3944
Date: 12/05/2010
Title: 3944 - Microsoft May Security Advisory
Platform level affected:Office Application
Hardware components affected:Intel PC
Specific operating systems components affected: 32-bit Windows
Other software: Office Automation
Remediation Summary:Update your copy of the software with the download available from the supplier.
Vendors affected:Microsoft
Applications affected:Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Office, Microsoft Visual Basic for Applications
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Unknown
Potential Damage: Remote execution/modification
Possible Duration: Unknown
Availability of fix: Available
Type of fix: Automated Patch
Source: Microsoft
Reliability of source: Trusted
Source URL: http://www.microsoft.com/technet/security/bulletin/ms10-may.mspx
CVE: CVE-2010-0815, CVE-2010-0816
Abstract: Microsoft has released updates to address vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications.
Microsoft has released security bulletins for multiple vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications. These bulletins are described in the Microsoft Security Bulletin Summary for May 2010.
Third-party software that distributes VBE6.DLL may also be affected. If the third-party application follows the best practices for using a shared component as a side-by-side assembly, then the component will be updated by the update provided by MS10-031 Otherwise, you should contact the vendor to obtain an updated version of the application with the fixed VBE6.DLL file. For further information consult the Microsotf advisory at:
http://www.microsoft.com/technet/security/bulletin/ms10-may.mspx
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
Wed, 12 May 2010 00:00:00 GMT
Domain affected: Technical