Microsoft Office AccWizObjects code execution (CompoundFile_ReleaseAfterFree_Exec)

About this signature or vulnerability

Proventia Network IPS, Proventia Desktop, RealSecure Network, RealSecure Server Sensor, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, Virtual Server Protection for VMware, Proventia Server IPS for Linux technology:

This signature will fire when a vulnerable COM control is detected within a Microsoft Office document.


Default risk level

High

Sensors that have this signature

Proventia Network IPS: XPU 30.050, Proventia Desktop: 2520, RealSecure Network: XPU 30.050, RealSecure Server Sensor: XPU 30.050, Proventia Network MFS: XPU 30.050, Proventia-G 1.1 and earlier: XPU 30.050, Proventia Network IDS: XPU 30.050, IBM Security Server Protection for Windows: 2.1.14.2520, IBM Security Server Protection for Windows: 2.0.300.2520, Virtual Server Protection for VMware: XPU 30.050, Proventia Server IPS for Linux technology: 30.050

Systems affected

Microsoft Office: 2003 SP3

Type

Unauthorized Access Attempt

Vulnerability description

Microsoft Office could allow a remote attacker to execute arbitrary code on the system. The flaw is a memory corruption error in the ACCWIZ library that occurs when the AccWizObjects ActiveX control (ACCWIZ.DLL) is instantiated by Microsoft Office and Internet Explorer. By persuading a victim to visit a specially crafted Web page that contains malicious Office ActiveX controls, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.

How to remove this vulnerability

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS10-044. See References.

References

Microsoft Security Bulletin MS10-044
Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
http://www.microsoft.com/technet/security/bulletin/ms10-044.mspx

IBM Internet Security Systems Protection Advisory
ACCWIZ Release-After-Free Remote Code Execution Vulnerability
http://www.iss.net/threats/371.html

ISS X-Force
Microsoft Office AccWizObjects code execution
http://www.iss.net/security_center/static/56808.php

CVE
CVE-2010-1881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1881