cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-49142,https://securityvulnerability.io/vulnerability/CVE-2024-49142,Microsoft Access Remote Code Execution Vulnerability,"The vulnerability in Microsoft Access allows for remote code execution, enabling an attacker to execute arbitrary code on the user's system. This security flaw can be exploited when a user opens a specially crafted Access file. Successful exploitation can result in unauthorized access to sensitive data and control over the affected system. It is crucial for users to apply patches and security updates as provided by Microsoft to mitigate risks associated with this vulnerability. Ensuring that appropriate security protocols are in place and regularly updated can help safeguard against such attacks.",Microsoft,"Microsoft Office 2019,Microsoft 365 Apps For Enterprise,Microsoft Office Ltsc 2021,Microsoft Office Ltsc 2024,Microsoft Access 2016 (32-bit Edition),Microsoft Access 2016 (64-bit Edition)",7.8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-12-12T02:04:00.000Z,0
CVE-2021-31936,https://securityvulnerability.io/vulnerability/CVE-2021-31936,Microsoft Accessibility Insights for Web Information Disclosure Vulnerability,Microsoft Accessibility Insights for Web Information Disclosure Vulnerability,Microsoft,Microsoft Accessibility Insights For Web,7.4,HIGH,0.023840000852942467,false,false,false,false,,false,false,2021-05-11T19:11:45.000Z,0
CVE-2021-28455,https://securityvulnerability.io/vulnerability/CVE-2021-28455,Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability,Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability,Microsoft,"Microsoft Access 2013 Service Pack 1 (32-bit Editions),Microsoft Access 2013 Service Pack 1 (64-bit Editions),Microsoft Office 2019,Microsoft 365 Apps For Enterprise,Microsoft Office 2016,Microsoft Access 2016 (32-bit Edition),Microsoft Access 2016 (64-bit Edition),Microsoft Office 2013 Service Pack 1,Windows 10 Version 1803,Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows 10 Version 1909,Windows Server, Version 1909 (server Core Installation),Windows 10 Version 2004,Windows Server Version 2004,Windows 10 Version 20h2,Windows Server Version 20h2,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows 7,Windows 7 Service Pack 1,Windows 8.1,Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008  Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",8.8,HIGH,0.01874000020325184,false,false,false,false,,false,false,2021-05-11T19:11:14.000Z,0
CVE-2020-1582,https://securityvulnerability.io/vulnerability/CVE-2020-1582,Microsoft Access Remote Code Execution Vulnerability,"A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Access. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
The security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory.
",Microsoft,"Microsoft Access 2013 Service Pack 1 (32-bit Editions),Microsoft Access 2013 Service Pack 1 (64-bit Editions),Microsoft Office 2019,Microsoft 365 Apps For Enterprise,Microsoft Access 2016 (32-bit Edition),Microsoft Access 2016 (64-bit Edition),Microsoft Access 2010 Service Pack 2",7.8,HIGH,0.029650000855326653,false,false,false,false,,false,false,2020-08-17T19:15:00.000Z,0
CVE-2020-0760,https://securityvulnerability.io/vulnerability/CVE-2020-0760,,"A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.",Microsoft,"Microsoft Project,Microsoft Office,Office 365 Proplus,Microsoft Excel,Microsoft Powerpoint,Microsoft Visio,Microsoft Word,Microsoft Publisher 2016 (32-bit Edition),Microsoft Publisher 2016 (64-bit Edition),Microsoft Access,Microsoft Outlook,Microsoft Publisher 2013 Service Pack 1 (32-bit Editions),Microsoft Publisher 2013 Service Pack 1 (64-bit Editions),Microsoft Publisher",8.8,HIGH,0.06233999878168106,false,false,false,false,,false,false,2020-04-15T15:12:40.000Z,0
CVE-2018-8312,https://securityvulnerability.io/vulnerability/CVE-2018-8312,,"A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka ""Microsoft Access Remote Code Execution Vulnerability."" This affects Microsoft Access, Microsoft Office.",Microsoft,"Microsoft Access,Microsoft Office",7.8,HIGH,0.8078799843788147,false,false,false,false,,false,false,2018-07-11T00:00:00.000Z,0
CVE-2018-0940,https://securityvulnerability.io/vulnerability/CVE-2018-0940,,"Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka ""Microsoft Exchange Elevation of Privilege Vulnerability"".",Microsoft,Microsoft Exchange Outlook Web Access (owa),6.5,MEDIUM,0.0038999998942017555,false,false,false,false,,false,false,2018-03-14T00:00:00.000Z,0
CVE-2018-0903,https://securityvulnerability.io/vulnerability/CVE-2018-0903,,"Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka ""Microsoft Access Remote Code Execution Vulnerability"".",Microsoft,Microsoft Access,7.8,HIGH,0.7966499924659729,false,false,false,false,,false,false,2018-03-14T00:00:00.000Z,0
CVE-2018-0799,https://securityvulnerability.io/vulnerability/CVE-2018-0799,,"Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka ""Microsoft Access Tampering Vulnerability"".",Microsoft,Microsoft Access,6.1,MEDIUM,0.01080000028014183,false,false,false,false,,false,false,2018-01-10T01:29:00.000Z,0
CVE-2002-0695,https://securityvulnerability.io/vulnerability/CVE-2002-0695,,Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.,Microsoft,"Data Access Components,Microsoft Data Access Components",,,0.0738300010561943,false,false,false,false,,false,false,2002-08-12T04:00:00.000Z,0