CVE-2010-0814

Name of the Vulnerable Software and Affected Versions Microsoft Office Access versions 2003 SP3 through 2007 SP2

Description A remote code execution issue exists due to improper interaction between the Microsoft Access Wizard Controls and Internet Explorer's memory-allocation approach during ActiveX control instantiation. This allows attackers to execute arbitrary code via a website referencing multiple ActiveX controls. An attacker who successfully exploits this issue could run arbitrary code as the logged-on user, potentially taking complete control of the affected system if the user has administrative rights.

Recommendations For Microsoft Office Access 2003 SP3, update to a version that is not affected by this issue. For Microsoft Office Access 2007 SP1 and SP2, update to a version that is not affected by this issue. As a temporary workaround, consider restricting the use of ActiveX controls in Internet Explorer to minimize the risk of exploitation.