CVE-2010-0252 Information

Description

The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4 Windows XP SP2 and SP3 Windows Server 2003 SP2 Windows Vista Gold SP1 and SP2 Windows Server 2008 Gold SP2 and R2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the \system state\ aka \Microsoft Data Analyzer ActiveX Control Vulnerability.\

Reference

http://secunia.com/advisories/38503 http://secunia.com/advisories/40059 http://www.us-cert.gov/cas/techalerts/TA10-040A.html http://www.us-cert.gov/cas/techalerts/TA10-159B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-034 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A8424