PT-2010-3505 · Microsoft · Office Access
Published: 2010-07-14 · Updated: 2018-10-12
CVE-2010-1881
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Office Access 2003 SP3
Description
A remote code execution issue exists due to improper interaction between the FieldList ActiveX control in Microsoft Access Wizard Controls and the memory-access approach used by Internet Explorer and Office. This allows attackers to execute arbitrary code or cause a denial of service via an HTML document referencing this control along with crafted persistent storage data. An attacker could run arbitrary code as the logged-on user, potentially taking complete control of the affected system if the user has administrative rights.
Recommendations
For Microsoft Office Access 2003 SP3, consider disabling the FieldList ActiveX control as a temporary workaround until a patch is available. Restrict access to crafted HTML documents that could reference this control to minimize the risk of exploitation.
Fix
RCE
DoS
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Internet Explorer
Access Wizard Controls
Office Access