Filtered by vendor Microsoft
Subscriptions
Filtered by product Access
Subscriptions
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0788 | 1 Microsoft | 2 Access, Word | 2025-04-03 | N/A |
| The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands. | ||||
| CVE-2003-0665 | 1 Microsoft | 1 Access | 2025-04-03 | N/A |
| Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control. | ||||
| CVE-2000-0419 | 1 Microsoft | 10 Access, Excel, Frontpage and 7 more | 2025-04-03 | N/A |
| The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. | ||||
| CVE-2021-28455 | 1 Microsoft | 23 365 Apps, Access, Office and 20 more | 2024-11-21 | 8.8 High |
| Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | ||||
| CVE-2020-1582 | 1 Microsoft | 3 365 Apps, Access, Office | 2024-11-21 | 7.8 High |
| A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Access. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory. | ||||
| CVE-2020-0760 | 1 Microsoft | 10 Access, Excel, Office and 7 more | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. | ||||
| CVE-2018-8312 | 1 Microsoft | 2 Access, Office | 2024-11-21 | N/A |
| A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office. | ||||
| CVE-2018-0903 | 1 Microsoft | 2 Access, Office | 2024-11-21 | N/A |
| Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability". | ||||