|
|
| |
Credit:
The original article can be found at: http://www.microsoft.com/technet/security/Bulletin/MS10-044.mspx
|
| |
Vulnerable Systems:
* Microsoft Office Access 2003 SP3
* Microsoft Office Access 2007 SP1
* Microsoft Office Access 2007 SP2
Issue #1
A remote code execution vulnerability affects Access ActiveX controls when loading a succession of controls into Internet Explorer. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Issue #2
A remote code execution vulnerability affects the ACCWIZ.dll ActiveX control due to a memory corruption error when instantiating the control. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Patch Availability:
Microsoft has released a patch to address this vulnerability under MS10-044. For more information please refer to:
http://www.microsoft.com/technet/security/Bulletin/MS10-044.mspx
CVE Information:
CVE-2010-0814
CVE-2010-1881
Disclosure Timeline:
13 Jul 2010 - Published
|
|
|
