Lucene search

[email protected]CVE-2018-0903

HistoryMar 14, 2018 - 5:29 p.m.

CVE-2018-0903

2018-03-1417:29:02

[email protected]

web.nvd.nist.gov

cve-2018-0903

microsoft access

remote code execution

vulnerability

nvd

memory handling

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.293 Low

EPSS

Percentile

96.9%

JSON

Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka “Microsoft Access Remote Code Execution Vulnerability”.

Affected configurations

Vulners

NVD

Node

microsoft_corporationmicrosoft_access

CPENameOperatorVersion
microsoft:accessmicrosoft accesseq2010
microsoft:accessmicrosoft accesseq2013
microsoft:accessmicrosoft accesseq2016
microsoft:officemicrosoft officeeq2016

CPE	Name	Operator	Version
microsoft:access	microsoft access	eq	2010
microsoft:access	microsoft access	eq	2013
microsoft:access	microsoft access	eq	2016
microsoft:office	microsoft office	eq	2016

CNA Affected

[
  {
    "product": "Microsoft Access",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run"
      }
    ]
  }
]