RULE(RULE ID:311334)

Rule General Information
Release Date: 2020-04-13
Rule Name: Microsoft Access ActiveX Control Code Execution Vulnerability (CVE-2010-0814)
Severity:
CVE ID:
Rule Protection Details
Description: The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
Impact: An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software.
Affected OS: Windows, Linux
Reference: MicrosoftSecurityBulletin:ms10-044
http://www.us-cert.gov/cas/techalerts/TA10-194A.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11907
Solutions
The vendors have released upgrade patches to fix vulnerabilities, please visit:
http://www.microsoft.com/technet/security/Bulletin/MS10-044.mspx