CVE-2010-1881

CVSS V2 High 9.3 CVSS V3 None
Description
The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
Overview
  • CVE ID
  • CVE-2010-1881
  • Assigner
  • secure@microsoft.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2010-07-15T12:57:20
  • Last Modified Date
  • 2018-10-12T21:57:39
Weakness Enumerations
CWE URL
CWE-94 http://cwe.mitre.org/data/definitions/94.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:microsoft:access:2003:sp3:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://www.us-cert.gov/cas/techalerts/TA10-194A.html US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11756
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-044
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2010-1881
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1881
History
Created Old Value New Value Data Type Notes
2022-05-10 18:24:39 Added to TrackCVE