Oval Definition:	oval:org.mitre.oval:def:11907
Revision Date: 2013-12-16 Version: 8 Title: Access ActiveX Control Vulnerability Description: The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2010-0814 Platform(s): Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Product(s): Microsoft Access 2003 Microsoft Access 2007 Definition Synopsis Vulnerable Access 2003 Access 2003 SP3 or greater is installed AND Accwiz.dll version is less than 11.0.8325.0 AND Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Access\InstallRoot!Path exists OR Vulnerable Access 2007 Microsoft Access 2007 is installed AND MSACCESS.EXE version is less than 12.0.6535.5005
BACK