Microsoft VBA vulnerability could allow remote code execution
Report ID: MS201207004
Date Published: 16 July 2012
Compromise Type: remote-code-execution
Compromise From: remote
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft Visual Basic for Applications
A vulnerability in Microsoft Visual Basic for Applications (VBA) could allow an attacker to execute arbitrary code on an affected system.
Microsoft has released a security update to address a vulnerability in Microsoft Visual Basic for Applications (VBA) that resulted from placing incorrect restriction on the path used for loading external libraries. Upon successful exploit, an attacker could execute code in the context of a logged-on user and take control of the affected system.
In the latest update, the way that Microsoft VBA loads external libraries has been corrected. Users are recommended to install this update to their system as a protection measure againsts potential exploit attempts.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-046)