Check: 2010-A-0094
Windows 7 IAVM: 2010-A-0094
(in version v1 r32)
Title
Multiple Vulnerabilities in Microsoft Office Access (Cat II impact)
Discussion
Microsoft has released a security bulletin addressing two vulnerabilities affecting Microsoft Office Access. To exploit these vulnerabilities, an attacker would entice a user to open a malicious Office file or view a web page that instantiates Access ActiveX controls. If successfully exploited, these vulnerabilities would allow an attacker to compromise affected systems. At this time, there are no known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD-related incidents.

Access ActiveX Control Vulnerability (CVE-2010-0814): A remote code execution vulnerability exists in Access ActiveX controls due to the way that multiple ActiveX controls are loaded by Internet Explorer. This vulnerability exists in the way that Internet Explorer handles memory allocation when instantiating a succession of Access ActiveX controls. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user.

ACCWIZ.dll Uninitialized Variable Vulnerability (CVE-2010-1881): A remote code execution vulnerability exists in the way that the FieldList ActiveX control is instantiated by Microsoft Office and Internet Explorer. A memory corruption vulnerability exists in ActiveX controls in the ACCWIZ library that can be taken advantage of by providing a control with specially crafted persisted storage data. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user.
Check Content
See IAVM notice and vendor bulletin for additional information.

Microsoft Bulletin MS10-044 (982335).

Vulnerable Applications/Systems:
Microsoft Office Access 2003 SP3
Microsoft Office Access 2007 SP1 and SP2

Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below.

File | Product | Version |
---|---|---|
Accwiz.dll | MS Office Access 2003 | 11.0.8325.0 |
Accwiz.dll | MS Office Access 2007 | 12.0.6535.5005 |
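One way to script the file-version check above, as an added example that is not part of the original check text. It assumes Office is installed under a "Microsoft Office" folder in Program Files (the page does not give the path to Accwiz.dll) and is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Minimum patched Accwiz.dll versions from the check content,
# keyed by the file's major version number.
$MinimumVersion = @{
    11 = [version]'11.0.8325.0'      # MS Office Access 2003
    12 = [version]'12.0.6535.5005'   # MS Office Access 2007
}

# Assumption: Office lives under "<Program Files>\Microsoft Office".
# Adjust the roots if Office was installed to a custom location.
$SearchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Microsoft Office' } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -Unique

$files = @(foreach ($root in $SearchRoots) {
    Get-ChildItem -LiteralPath $root -Filter 'Accwiz.dll' -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
})

if ($files.Count -eq 0) {
    Write-Output 'Accwiz.dll not found under the searched roots; Access may not be installed.'
    return
}

foreach ($file in $files) {
    $vi = $file.VersionInfo
    # Build the version from the numeric parts: the FileVersion string can
    # carry extra text and does not always parse as a four-part version.
    $actual = New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    $required = $MinimumVersion[$actual.Major]

    $status = if (-not $required)          { 'NotListed' }  # see vendor bulletin
              elseif ($actual -ge $required) { 'Patched' }
              else                           { 'Open' }

    New-Object PSObject -Property @{
        Path     = $file.FullName
        Found    = $actual
        Required = $required
        Status   = $status
    } | Select-Object Path, Found, Required, Status
}
```

A `NotListed` result means the file's major version is not one of the two in the table, so the vendor bulletin has to be consulted for that product.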
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-24850
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |