This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 1999-01-01
Product Access Last view 2020-08-17
Version 2007 Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:* 6
cpe:2.3:a:microsoft:access:2016:*:*:*:*:*:*:* 5
cpe:2.3:a:microsoft:access:2013:sp1:*:*:*:*:*:* 5
cpe:2.3:a:microsoft:access:2010:sp2:*:*:*:*:*:* 4
cpe:2.3:a:microsoft:access:2007:sp3:*:*:*:*:*:* 4
cpe:2.3:a:microsoft:access:2013:*:*:*:*:*:x64:* 3
cpe:2.3:a:microsoft:access:2002:*:*:*:*:*:*:* 3
cpe:2.3:a:microsoft:access:2013:*:*:*:*:x86:*:* 3
cpe:2.3:a:microsoft:access:2010:sp2:*:*:*:*:x64:* 3
cpe:2.3:a:microsoft:access:2010:sp1:*:*:*:*:x64:* 3
cpe:2.3:a:microsoft:access:2010:sp1:*:*:*:x86:*:* 3
cpe:2.3:a:microsoft:access:2010:sp2:*:*:*:x86:*:* 3
cpe:2.3:a:microsoft:access:2003:sp3:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:access:2003:*:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:access:97:*:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:access:2007:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:access:*:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:access:2002:sp2:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:access:2002:sp1:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:access:2000:sp2:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:access:2000:sp1:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:access:2000:sp3:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:access:2007:sp1:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:access:2007:sp2:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
7.8 2020-08-17 CVE-2020-1582

A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Access. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory.

8.8 2020-04-15 CVE-2020-0760

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.

7.8 2018-07-10 CVE-2018-8312

A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.

7.8 2018-03-14 CVE-2018-0903

Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability".

9.3 2015-11-11 CVE-2015-2503

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."

9.3 2013-09-11 CVE-2013-3157

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3155.

9.3 2013-09-11 CVE-2013-3156

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access File Format Memory Corruption Vulnerability."

9.3 2013-09-11 CVE-2013-3155

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3157.

9.3 2010-07-15 CVE-2010-1881

The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."

9.3 2010-07-15 CVE-2010-0814

The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."

7.5 2008-07-07 CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

9.3 2008-03-06 CVE-2008-1200

Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026.

5.8 2007-12-14 CVE-2007-6357

Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.

9.3 2007-02-02 CVE-2007-0671

Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.

9.3 2006-10-10 CVE-2006-3877

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.

7.5 2003-10-20 CVE-2003-0665

Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.

10 2000-10-20 CVE-2000-0788

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.

7.5 2000-05-11 CVE-2000-0419

The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.

10 1999-01-01 CVE-1999-0364

Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.

CWE : Common Weakness Enumeration

%idName
50% (4) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
37% (3) CWE-94 Failure to Control Generation of Code ('Code Injection')
12% (1) CWE-264 Permissions, Privileges, and Access Controls

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:568 PowerPoint Malformed Record Memory Corruption Vulnerability
oval:org.mitre.oval:def:220 Microsoft PowerPoint Malformed Record Memory Corruption Vulnerability
oval:org.mitre.oval:def:301 Excel Malformed Record Vulnerability
oval:org.mitre.oval:def:11907 Access ActiveX Control Vulnerability
oval:org.mitre.oval:def:11756 ACCWIZ.dll Uninitialized Variable Vulnerability
oval:org.mitre.oval:def:18624 Access Memory Corruption Vulnerability (CVE-2013-3155) - MS13-074
oval:org.mitre.oval:def:18442 Access File Format Memory Corruption Vulnerability (CVE-2013-3156) - MS13-074
oval:org.mitre.oval:def:18664 Access Memory Corruption Vulnerability (CVE-2013-3157) - MS13-074

Open Source Vulnerability Database (OSVDB)

id Description
66295 Microsoft IE / Office FieldList ActiveX (ACCWIZ.dll) Remote Code Execution
66294 Microsoft Office Access AccWizObjects ActiveX Remote Code Execution
47004 Microsoft Crypto API S/MIME X.509 Certificate CRL Check Remote Information Di...
44150 Microsoft Access Crafted MDB File Handling Overflow
43068 Microsoft Access MDB File Handling Unspecified Arbitrary Code Execution
31901 Microsoft Office Unspecified String Handling Arbitrary Code Execution
29448 Microsoft PowerPoint Crafted File Unspecified Code Execution
10998 Microsoft Access Snapshot Viewer ActiveX Control Arbitrary Command Execution
5887 Microsoft Access 97 Cleartext Password Storage
5171 Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
1505 Microsoft Word Mail Merge Arbitrary Command Execution
1328 Microsoft Office 2000 UA Control

OpenVAS Exploits

id Description
2010-07-14 Name : MS Office Access ActiveX Controls Remote Code Execution Vulnerabilities(982335)
File : nvt/secpod_ms10-044.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-B-0099 Multiple Remote Code Execution Vulnerabilities in Microsoft Access
Severity: Category II - VMSKEY: V0040287
2010-A-0094 Multiple Vulnerabilities in Microsoft Office Access
Severity: Category II - VMSKEY: V0024850

Snort® IPS/IDS

Date Description
2019-04-02 Microsoft Access arbitrary code execution attempt
RuleID : 49300 - Type : FILE-OFFICE - Revision : 3
2019-04-02 Microsoft Access arbitrary code execution attempt
RuleID : 49299 - Type : FILE-OFFICE - Revision : 3
2019-03-28 Microsoft Access arbitrary code execution attempt
RuleID : 49286 - Type : FILE-OFFICE - Revision : 3
2019-03-28 Microsoft Access arbitrary code execution attempt
RuleID : 49285 - Type : FILE-OFFICE - Revision : 2
2018-04-12 Microsoft Access remote code execution attempt
RuleID : 45884 - Type : FILE-OFFICE - Revision : 2
2018-04-12 Microsoft Access remote code execution attempt
RuleID : 45883 - Type : FILE-OFFICE - Revision : 2
2016-03-14 Microsoft Office Word CoCreateInstance elevation of privilege attempt
RuleID : 36721 - Type : FILE-OFFICE - Revision : 3
2016-03-14 Microsoft Office Word CoCreateInstance elevation of privilege attempt
RuleID : 36720 - Type : FILE-OFFICE - Revision : 3
2015-03-24 Microsoft Office Access multiple control instantiation memory corruption attempt
RuleID : 33548 - Type : BROWSER-PLUGINS - Revision : 2
2014-11-16 Microsoft Access memory corruption attempt
RuleID : 31537 - Type : FILE-OFFICE - Revision : 3
2014-11-16 Microsoft Access memory corruption attempt
RuleID : 31536 - Type : FILE-OFFICE - Revision : 3
2014-11-16 Microsoft Access memory corruption attempt
RuleID : 31535 - Type : FILE-OFFICE - Revision : 3
2014-11-16 Microsoft Access memory corruption attempt
RuleID : 31534 - Type : FILE-OFFICE - Revision : 3
2014-01-10 Microsoft Access Wizard control memory corruption ActiveX clsid access
RuleID : 19141 - Type : FILE-OFFICE - Revision : 14
2014-01-10 Microsoft Office Drawing Record msofbtOPT Code Execution attempt
RuleID : 17579 - Type : FILE-OFFICE - Revision : 16
2014-01-10 Microsoft Office Access ACCWIZ library release after free attempt - 2
RuleID : 17039 - Type : FILE-OFFICE - Revision : 15
2014-01-10 Microsoft Office Access ACCWIZ library release after free attempt - 1
RuleID : 17038 - Type : FILE-OFFICE - Revision : 15
2014-01-10 Microsoft Office Access multiple control instantiation memory corruption attempt
RuleID : 17037 - Type : BROWSER-PLUGINS - Revision : 13

Nessus® Vulnerability Scanner

id Description
2015-11-10 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-116.nasl - Type: ACT_GATHER_INFO
2013-09-11 Name: It is possible to execute arbitrary code on the remote host through Microsoft...
File: smb_nt_ms13-074.nasl - Type: ACT_GATHER_INFO
2010-07-13 Name: The version of Microsoft Office on the remote Windows host has multiple code ...
File: smb_nt_ms10-044.nasl - Type: ACT_GATHER_INFO
2007-02-13 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms_office_feb2006.nasl - Type: ACT_GATHER_INFO
2007-02-13 Name: Arbitrary code can be executed on the remote host through Microsoft Office.
File: smb_nt_ms07-015.nasl - Type: ACT_GATHER_INFO
2006-10-11 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms_office_oct2006.nasl - Type: ACT_GATHER_INFO
2006-10-10 Name: Arbitrary code can be executed on the remote host through Microsoft PowerPoint.
File: smb_nt_ms06-058.nasl - Type: ACT_GATHER_INFO