Lucene search
This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS10-044.NASLHistoryJul 13, 2010 - 12:00 a.m.
MS10-044: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
2010-07-1300:00:00
This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
51
The Access component of Microsoft Office has one or more vulnerable ActiveX controls installed. An attacker could exploit these issues by tricking a user into requesting a malicious web page, resulting in arbitrary code execution.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(47712);
script_version("1.28");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/05");
script_cve_id("CVE-2010-0814", "CVE-2010-1881");
script_bugtraq_id(41442, 41444);
script_xref(name:"MSFT", value:"MS10-044");
script_xref(name:"IAVA", value:"2010-A-0094-S");
script_xref(name:"MSKB", value:"981716");
script_name(english:"MS10-044: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)");
script_summary(english:"Checks version of Msaccess.exe");
script_set_attribute(
attribute:"synopsis",
value:
"The version of Microsoft Office on the remote Windows host has
multiple code execution vulnerabilities."
);
script_set_attribute(
attribute:"description",
value:
"The Access component of Microsoft Office has one or more vulnerable
ActiveX controls installed. An attacker could exploit these issues by
tricking a user into requesting a malicious web page, resulting in
arbitrary code execution."
);
# https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2010/ms10-044
script_set_attribute(attribute:"see_also", value:"https://www.nessus.org/u?0f868c7d");
script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Office 2003 and 2007.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/13");
script_set_attribute(attribute:"patch_publication_date", value:"2010/07/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:access");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 'Host/patch_management_checks');
exit(0);
}
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
include("audit.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS10-044';
kbs = make_list("981716");
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
access_dirs = get_kb_list_or_exit("SMB/Office/Access/*/Path");
get_kb_item_or_exit('SMB/WindowsVersion');
share = '';
lastshare = '';
accessibleshare = FALSE;
foreach install (keys(access_dirs))
{
access_ver = install - 'SMB/Office/Access/' - '/Path';
access_dir = access_dirs[install];
share = hotfix_path2share(path:access_dir);
if (share != lastshare || !accessibleshare)
{
lastshare = share;
if (!is_accessible_share(share:share))
{
accessibleshare = FALSE;
}
else accessibleshare = TRUE;
}
if (accessibleshare)
{
if (
# Outlook 2003
(
'11.0' >< access_ver &&
hotfix_is_vulnerable(file:"Msaccess.exe", version:"11.0.8321.0", min_version:"11.0.0.0", path:access_dir, bulletin:bulletin, kb:"981716")
) ||
# Outlook 2007
(
'12.0' >< access_ver &&
hotfix_is_vulnerable(file:"Msaccess.exe", version:"12.0.6535.5005", min_version:"12.0.0.0", path:access_dir, bulletin:bulletin, kb:"979440")
)
)
{
vuln++;
}
}
}
hotfix_check_fversion_end();
if (vuln)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
exit(0);
}
else audit(AUDIT_HOST_NOT, 'affected');
Related
securityvulns
securityvulns
openvas
openvas
prion
prion
Memory corruption
2010-07-15 12:57:00
Design/Logic Flaw
2010-07-15 12:57:00
seebug
seebug
Microsoft Office Access FieldList ActiveX控件实例化内存破坏漏洞(MS10-044)
2010-07-15 00:00:00
Microsoft Access ActiveX控件实例化远程代码执行漏洞(MS10-044)
2010-07-15 00:00:00
cve
cve
CVE-2010-1881
2010-07-15 12:57:00
CVE-2010-0814
2010-07-15 12:57:00
checkpoint_advisories
checkpoint_advisories
cvelist
cvelist
CVE-2010-1881
2010-07-14 18:31:00
CVE-2010-0814
2010-07-14 18:31:00
Related for SMB_NT_MS10-044.NASL