Lucene search

[email protected]CVE-2010-0814

HistoryJul 15, 2010 - 12:57 p.m.

CVE-2010-0814

2010-07-1512:57:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-0814

microsoft

access

accwiz.dll

office

remote code execution

activex control vulnerability

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.923 High

EPSS

Percentile

98.9%

JSON

The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka “Access ActiveX Control Vulnerability.”

CPENameOperatorVersion
microsoft:accessmicrosoft accesseq2003
microsoft:accessmicrosoft accesseq2007

CPE	Name	Operator	Version
microsoft:access	microsoft access	eq	2003
microsoft:access	microsoft access	eq	2007

References

www.us-cert.gov/cas/techalerts/TA10-194A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-044

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11907

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.923 High

EPSS

Percentile

98.9%

JSON

Related for CVE-2010-0814

checkpoint_advisories2 securityvulns3 seebug1 prion1 zdi1 nessus1 openvas2