Lucene search

[email protected]CVE-2010-0814

HistoryJul 15, 2010 - 12:57 p.m.

CVE-2010-0814

2010-07-1512:57:20

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-0814

microsoft

access

accwiz.dll

office

remote code execution

activex control vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.914 High

EPSS

Percentile

98.9%

JSON

The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka “Access ActiveX Control Vulnerability.”

Affected configurations

NVD

Node

microsoftaccessMatch2003sp3

AND

microsoftofficeMatch2003sp3

Node

microsoftaccessMatch2007sp1

microsoftaccessMatch2007sp2

AND

microsoftofficeMatch2007sp1

microsoftofficeMatch2007sp2

CPENameOperatorVersion
microsoft:accessmicrosoft accesseq2003

CPE	Name	Operator	Version
microsoft:access	microsoft access	eq	2003

References

www.us-cert.gov/cas/techalerts/TA10-194A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-044

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11907

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.914 High

EPSS

Percentile

98.9%

JSON

Related for CVE-2010-0814

zdi1 checkpoint_advisories2 prion1 seebug1 cvelist1 securityvulns3 nvd1 nessus1 openvas2