| VID |
26515 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix (MS10-044, 982335) for 'Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution' has not been applied.
This security update resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls.The update addresses the vulnerabilities by updating specific Access ActiveX controls and by modifying the way memory is accessed by Microsoft Office and by Internet Explorer when loading Access ActiveX controls. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms10-044.mspx
* Platforms Affected:
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2 |
| Recommendation |
Apply the appropriate patch as listed in Microsoft's security bulletin MS10-044 at http://www.microsoft.com/technet/security/bulletin/MS10-044.asp
1. Open the following page :
for Access 2002, http://microsoft.com/downloads/details.aspx?FamilyId=B50D4863-1BBE-4009-9DF8-52D3A916D54F&displaylang=en
http://microsoft.com/office/ork/xp/journ/snpv1001a.htm (administrative update only)
for Access 2000, http://microsoft.com/downloads/details.aspx?FamilyId=F6CB9C8E-16E3-422D-86DD-7ED5671FB8D4&displaylang=en.
http://www.microsoft.com/office/ork/xp/journ/snpv0901a.htm (administrative update only)
2. Select a different language from the drop-down list and click <Go> button.
3. Click <Download> button to download this patch file.
4. Run this file to install the patch.
for Access 97, Install the updated stand-alone Snapshot Viewer control. To do so, visit the following Microsoft Web site: http://www.microsoft.com/AccessDev/Articles/snapshot.htm
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web ste, http://windowsupdate.microsoft.com.
Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2010-0814,CVE-2010-1881 (CVE) |
| Related URL |
41442,41444 (SecurityFocus) |
| Related URL |
(ISS) |
|
