(MS10-044) Microsoft Office ACCWIZ.dll Uninitialized Variable Vulnerability (982335)

Threat Detail

Vulnerability Type: Logic error

Impact of Exploitation: Website with malicious content

CVE Reference: N/A

Next Steps:

Overview
Timeline
Recommendations
Additional Resources

Overview

A vulnerability exists in Microsoft Office that could result in remote code execution.

A vulnerability exists in Microsoft Office that could result in remote code execution. The vulnerability is in the way that the AccWizObjects ActiveX control is instantiated by Microsoft Office and Internet Explorer. Successful exploitation of the vulnerability could allow an attacker to run arbitrary code as the logged-on user. If a user is logged on with administrative user rights, the attacker could take complete control of the targeted system.

Attack Vector

Website with malicious content

User Interaction

user interaction is needed

Vendor Status

Responded and patched

Vulnerable Systems

Office 2003 SP3,

Timeline

2010-07-13

Vendor has provided a patch.

Recommendations

The vendor has released an update to address this issue
http://www.microsoft.com/technet/security/bulletin/ms10-044.mspx

Recommendations McAfee Product Mitigation

Additional Resources

(MS10-044) Microsoft Office ACCWIZ.dll Uninitialized Variable Vulnerability (982335)
http://www.microsoft.com/technet/security/bulletin/ms10-044.mspx