CVE-2010-0814
Microsoft Office Access AccWizObjects ActiveX Control Uninitialized Imports Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
El Microsoft Access Wizard Controls en ACCWIZ.dll en Microsoft Office Access 2003 SP3 y 2007 SP1 y SP2 no interactúa correctamente con la asignación de memoria usada por Internet Explorer durante la instanciación, el cual permite a atacantes remotos ejecutar código arbitrario mediante un sitio web que referencia múltiples controles ActiveX, como lo demuestra los controles ImexGrid y FieldList, también conocido como "Vulnerabilidad de control de acceso ActiveX".
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required in that a user must browse to a malicious website.
The specific flaws exists in the instantiation of three specific ActiveX controls. The combination of loading all three controls in a particular order results in a transfer of control to unallocated memory which can be leveraged by remote attackers to execute arbitrary code under the context of the currently logged in user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-03-02 CVE Reserved
- 2010-07-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA10-194A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11907 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-044 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Access Search vendor "Microsoft" for product "Access" | 2003 Search vendor "Microsoft" for product "Access" and version "2003" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp3 |
Safe
|
| Microsoft Search vendor "Microsoft" | Access Search vendor "Microsoft" for product "Access" | 2007 Search vendor "Microsoft" for product "Access" and version "2007" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Access Search vendor "Microsoft" for product "Access" | 2007 Search vendor "Microsoft" for product "Access" and version "2007" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Access Search vendor "Microsoft" for product "Access" | 2007 Search vendor "Microsoft" for product "Access" and version "2007" | sp2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Access Search vendor "Microsoft" for product "Access" | 2007 Search vendor "Microsoft" for product "Access" and version "2007" | sp2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | sp2 |
Safe
|