Lucene search
Copyright (C) 2010 Greenbone AGOPENVAS:1361412562310902218HistoryJul 14, 2010 - 12:00 a.m.
MS Office Access ActiveX Controls Remote Code Execution Vulnerabilities (982335)
2010-07-1400:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
15
6.3 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.935 High
EPSS
Percentile
99.1%
This host is missing a critical security update according to
Microsoft Bulletin MS10-044.
# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.902218");
script_version("2024-02-26T14:36:40+0000");
script_tag(name:"last_modification", value:"2024-02-26 14:36:40 +0000 (Mon, 26 Feb 2024)");
script_tag(name:"creation_date", value:"2010-07-14 10:07:03 +0200 (Wed, 14 Jul 2010)");
script_cve_id("CVE-2010-0814", "CVE-2010-1881");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("MS Office Access ActiveX Controls Remote Code Execution Vulnerabilities (982335)");
script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2010/1799");
script_xref(name:"URL", value:"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-044");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2010 Greenbone AG");
script_family("Windows : Microsoft Bulletins");
script_dependencies("secpod_office_products_version_900032.nasl");
script_mandatory_keys("MS/Office/Ver", "SMB/Office/Access/Version");
script_tag(name:"impact", value:"Successful exploitation could allow remote attackers to compromise a
vulnerable system by tricking a user into visiting a specially crafted
web page.");
script_tag(name:"affected", value:"Microsoft Office Access 2003/2007.");
script_tag(name:"insight", value:"The flaws are caused by a memory corruption and an uninitialized variable
within 'ACCWIZ.dll' (Microsoft Access Wizard Controls) ActiveX control.");
script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");
script_tag(name:"summary", value:"This host is missing a critical security update according to
Microsoft Bulletin MS10-044.");
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("version_func.inc");
accVer = get_kb_item("SMB/Office/Access/Version");
if(!accVer){
exit(0);
}
if(version_in_range(version:accVer, test_version:"11.0", test_version2:"11.0.8320") ||
version_in_range(version:accVer, test_version:"12.0", test_version2:"12.0.6535.5004")){
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
Related
nessus
nessus
securityvulns
securityvulns
openvas
openvas
prion
prion
Memory corruption
2010-07-15 12:57:00
Design/Logic Flaw
2010-07-15 12:57:00
checkpoint_advisories
checkpoint_advisories
seebug
seebug
Microsoft Office Access FieldList ActiveX控件实例化内存破坏漏洞(MS10-044)
2010-07-15 00:00:00
Microsoft Access ActiveX控件实例化远程代码执行漏洞(MS10-044)
2010-07-15 00:00:00
cve
cve
CVE-2010-1881
2010-07-15 12:57:00
CVE-2010-0814
2010-07-15 12:57:00
6.3 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.935 High
EPSS
Percentile
99.1%
Related for OPENVAS:1361412562310902218