Lucene search

[email protected]CVE-2010-1881

HistoryJul 15, 2010 - 12:57 p.m.

CVE-2010-1881

2010-07-1512:57:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-1881

accwiz.dll

microsoft access

activex

remote code execution

denial of service

memory corruption

vulnerability

7.6 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.935 High

EPSS

Percentile

99.1%

JSON

The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka “ACCWIZ.dll Uninitialized Variable Vulnerability.”

CPENameOperatorVersion
microsoft:accessmicrosoft accesseq2003

CPE	Name	Operator	Version
microsoft:access	microsoft access	eq	2003

References

www.us-cert.gov/cas/techalerts/TA10-194A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-044

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11756

7.6 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.935 High

EPSS

Percentile

99.1%

JSON

Related for CVE-2010-1881

prion1 checkpoint_advisories1 seebug1 securityvulns2 nessus1 openvas2