Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Access security vulnerabilities
Published:14.07.2010
Source:
SecurityVulns ID:10992
Type:client
Threat Level:
7/10
Description:Multiple memory corruptions.
Affected:MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE:CVE-2010-1881 (The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability.")
 CVE-2010-0814 (The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability.")
Original documentdocumentZDI, ZDI-10-117: Microsoft Office Access AccWizObjects ActiveX Control Uninitialized Imports Remote Code Execution Vulnerability (14.07.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-044 - Critical Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335) (14.07.2010)
Files:Microsoft Security Bulletin MS10-044 - Critical Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod