CVE-2021-42293 Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability

🗓️ 15 Dec 2021 14:14:54Reported by microsoftType

Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerabilit

Reporter	Title	Published	Views	Family All 18
BDU FSTEC	The vulnerability of the Microsoft Jet Red Database Engine (MS Jet (Red)) and the Access Connectivity Engine on Microsoft Windows operating systems allows attackers to escalate their privileges.	4 Mar 202200:00	–	bdu_fstec
CNNVD	Microsoft Jet Red Database Engine 和 Access Connectivity Engine 权限许可和访问控制问题漏洞	14 Dec 202100:00	–	cnnvd
CVE	CVE-2021-42293	15 Dec 202114:14	–	cve
EUVD	EUVD-2021-29268	3 Oct 202520:07	–	euvd
Microsoft KB	Description of the security update for Office 2016: December 14, 2021 (KB5002099)	14 Dec 202108:00	–	mskb
Microsoft KB	Description of the security update for Office 2013: December 14, 2021 (KB5002104)	14 Dec 202108:00	–	mskb
Kaspersky	KLA12389 Multiple vulnerabilities in Microsoft Office	14 Dec 202100:00	–	kaspersky
Microsoft CVE	Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability	14 Dec 202108:00	–	mscve
NCSC	Vulnerabilities fixed in Microsoft Office	14 Dec 202100:00	–	ncsc
NVD	CVE-2021-42293	15 Dec 202115:15	–	nvd

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office LTSC 2021",
    "cpes": [
      "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems",
      "32-bit Systems"
    ],
    "versions": [
      {
        "version": "16.0.1",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office 2019",
    "cpes": [
      "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "19.0.0",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft 365 Apps for Enterprise",
    "cpes": [
      "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.1",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office 2016",
    "cpes": [
      "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*",
      "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.5254.1000",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office 2013 Service Pack 1",
    "cpes": [
      "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
      "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*",
      "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*"
    ],
    "platforms": [
      "ARM64-based Systems",
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0",
        "lessThan": "15.0.5407.1000",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42293

29 May 2024 14:44Current

7High risk

Vulners AI Score7

CVSS 3.16.5

EPSS0.02804