{"vuid":"VU#159484","idnumber":"159484","name":"Microsoft Visual Basic for Applications buffer overflow","keywords":["Microsoft","Visual Basic for Applications","VBA","remote code execution","document properties","ms06-aug"],"overview":"Microsoft Visual Basic for Applications fails to properly validate document properties. This vulnerability could allow a remote attacker to execute arbitrary code.","clean_desc":"Visual Basic For Applications (VBA) According to Microsoft Security Bulletin MS06-047: Microsoft VBA is a development technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft VBA is based on the Microsoft Visual Basic development system. Microsoft Office products include VBA and make use of VBA to perform certain functions. VBA can also be used to build customized applications based around an existing host application. The Problem Microsoft VBA fails to properly validate document properties allowing a buffer overflow to occur. For more information refer to Microsoft Security Bulletin MS06-047.","impact":"A remote attacker may be able to execute arbitrary code.","resolution":"Apply an update\nThis vulnerability is addressed in Microsoft Security Bulletin MS06-0047.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported in Microsoft Security Bulletin \nMS06-0047. Microsoft credits \nKa Chun Leung of \nSymantec\n with providing information regarding this issue.","author":"This document was written by Jeff Gennari.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","6","-","0","4","7",".","m","s","p","x"],"cveids":["CVE-2006-3649"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-08-08T18:11:30Z","publicdate":"2006-08-08T00:00:00Z","datefirstpublished":"2006-08-08T21:22:19Z","dateupdated":"2006-08-08T21:22:38Z","revision":5,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}