Microsoft VBA is a development technology for developing client desktop packaged applications which are then integrated into existing data and systems. Microsoft VBA is based on the Microsoft Visual Basic development system. Microsoft Office products include VBA and make use of VBA to perform certain functions. VBA can also be used to build customized applications based an existing host application.
A remote code execution vulnerability exists in the way Visual Basic for Applications (VBA) checks the document properties that a host application passes to it when opening a document. This vulnerability could allow an attacker who successfully exploited the vulnerability to take complete control of the affected system. As a result it is possible for the host application to pass unchecked parameters to VBA, causing a buffer underrun that could allow for arbitrary codes to be executed. An attacker who successfully exploits this vulnerability can take full control of the affected system.
To exploit this vulnerability, the attacker must convince the target user to open a specially crafted document. These documents can be a Word document, an Excel spreadsheet or a Powerpoint presentation. If the user uses MS Word as the HTML email editor for MS Outlook, the said specially crafted document can be an email message but it is needed to be forwarded or replied to before the vulnerability can be exploited.