28 matches found
CVE-2020-0760
CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...
CVE-2013-3155
CVE-2013-3155 concerns a memory corruption/remote code execution vulnerability in Microsoft Access. The connected advisories describe a vulnerability in how Access parses ACCDB files, enabling a remote attacker to execute arbitrary code on vulnerable systems when processing a crafted ACCDB. The i...
CVE-2013-3157
CVE-2013-3157 is tied to a Microsoft Access memory-corruption vulnerability affecting ACCDB parsing in Access 2007 SP3, 2010 SP1/SP2, and 2013. Connected advisories CPAI-2013-3692 and CPAI-2013-3688 describe a remote code execution/vector via crafted ACCDB files, caused by memory-corruption in Ac...
CVE-2020-1582
CVE-2020-1582 is a Microsoft Access remote code execution vulnerability caused by improper handling of in-memory objects. An attacker could run arbitrary code in the caller’s context by convincing a user to open a specially crafted Access file; if the user has administrative rights, system takeov...
CVE-2025-21395
CVE-2025-21395 is a Microsoft Access remote code execution vulnerability. Documents indicate it affects Microsoft Access/Office components and is exploitable by convincing a target to download and run a malicious file via social engineering. CVSSv3.1 data shows Local attack vector, Privileges Req...
CVE-2025-26630
CVE-2025-26630 is a use-after-free vulnerability in Microsoft Office Access that can allow a local attacker to execute arbitrary code. The issue affects Microsoft Access/Office components and is rated CVSS v3.1 base score 7.8 (High) with Local attack vector, Privileges None, User Interaction requ...
CVE-2025-21186
CVE-2025-21186 is a Microsoft Access remote code execution vulnerability. Public details in connected sources indicate a heap-based buffer overflow in Microsoft Access (notably Access 2016, 32/64‑bit) that could allow arbitrary code execution when a user opens a crafted file or input. Exploitatio...
CVE-2015-2503
CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...
CVE-2025-26642
CVE-2025-26642 is a Microsoft Office remote code execution vulnerability (out-of-bounds read) that allows a local attacker to run code on the victim’s machine. Public details in connected documents indicate the issue affects Office components (e.g., Excel) and can be triggered via crafted inputs ...
CVE-2024-49142
CVE-2024-49142 is a Microsoft Access remote code execution vulnerability. Connected sources confirm a vulnerability in Microsoft Access that allows arbitrary code execution when a malicious file is opened or run, and Microsoft released a security update to address it (KB5002641 for Access 2016). ...
CVE-2025-21366
CVE-2025-21366 is a Microsoft Access remote code execution vulnerability. Connected sources confirm an Access/Office component impact with a patch released in January 2025 (KB5002670) for Access 2016 (32- and 64-bit). Exploitation details in the provided documents indicate social‑engineering deli...
CVE-2006-3877
PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...
CVE-2018-8312
CVE-2018-8312 targets Microsoft Access and Microsoft Office. The vulnerability is described as a remote code execution flaw caused by improper handling of objects in memory, allowing an attacker to run arbitrary code when a user opens a crafted file. In public connected materials, related advisor...
CVE-2007-0671
CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...
CVE-2018-0903
CVE-2018-0903 affects Microsoft Access products: Access 2010 SP2, Access 2013 SP1, Access 2016, and Office 2016 Click-to-Run. The issue is a remote code execution vulnerability caused by how objects are handled in memory, allowing arbitrary code execution when a user opens a specially crafted fil...
CVE-2007-6357
CVE-2007-6357 describes a stack-based buffer overflow in the Microsoft Jet Database Engine's MDB file parser used by Microsoft Access, enabling remote code execution via a crafted .mdb file. Connected docs corroborate as a similar issue to CVE-2007-6026 and CVE-2005-0944, with MS08-028 patching t...
CVE-2010-0814
CVE-2010-0814 involves remote code execution in Microsoft Office Access ActiveX controls. The vulnerability arises in the ACCWIZ.dll-based Access Wizard Controls (including ImexGrid and FieldList) when Internet Explorer instantiates multiple Access ActiveX controls, interacting with memory alloca...
CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...
CVE-2010-1881
CVE-2010-1881 concerns ACCWIZ.dll (Microsoft Access Wizard Controls) in Microsoft Office Access 2003 SP3. The issue is a memory corruption/Uninitialized Variable vulnerability in the ACCWIZ.dll ActiveX controls (FieldList/ACCWIZ), exploited when instantiated by Internet Explorer or Office with cr...
CVE-2000-0419
The Office 2000 UA ActiveX control is described as wrongly marked “safe for scripting.” This vulnerability allows an intruder to script interactions through the control’s Show Me feature, potentially disabling macro warnings and enabling arbitrary actions within Office applications (e.g., launchi...
CVE-2000-0788
The CVE-2000-0788 family concerns the Mail Merge Tool in Microsoft Word. Connected records describe Word 2000/Word 2002 behavior: when Access is present, the Mail Merge tool can execute Visual Basic (VBA) scripts embedded in a mail-merge document saved as HTML, enabling remote command execution. ...
CVE-2013-3156
The CVE-2013-3156 issue is a memory-corruption vulnerability in Microsoft Access when parsing ACCDB files, affecting Access 2007 SP3, 2010 SP1/SP2, and 2013. A remote attacker could trigger arbitrary code execution or memory corruption by enticing a user to open a crafted ACCDB file. Evidence fro...
CVE-2008-1200
Technical details for CVE-2008-1200 are not publicly provided in the supplied connected documents. The records describe an unspecified Microsoft Access vulnerability with crafted MDB files but do not reveal affected versions, root cause, impact, or remediation.
CVE-1999-0364
CVE-1999-0364 affects Microsoft Access 97, where a database password is stored as plaintext in a foreign .mdb file, enabling access to data. The linked documents consistently describe plaintext password storage as the vulnerability; no patch or remediation details are provided in the sources. Imp...
CVE-2003-0665
CVE-2003-0665 is a buffer overflow in the ActiveX control used by Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002. The vulnerability allows remote attackers to execute arbitrary code by sending long parameters to the control. Evidence from multiple sources confirms the root cause a...
CVE-2025-62552
CVE-2025-62552 describes a relative path traversal in Microsoft Access that allows a local attacker to execute code. Affected products include Microsoft Office/Access components across Office 2016 and later suites; the root cause is path traversal in Access which can lead to remote code execution...
CVE-2025-59235
CVE-2025-59235 is an information-disclosure vulnerability in Microsoft Excel (Office) caused by an out-of-bounds read. Public sources in the connected docs consistently identify the affected component as Excel within the Microsoft Office suite and link the issue to Excel information-disclosure mi...
CVE-2025-59232
CVE-2025-59232 is an information-disclosure vulnerability in Microsoft Excel (part of Microsoft Office) caused by an out-of-bounds read that can disclose local data. The issue affects Excel components within Office; remediation is available via Microsoft Office security updates released October 2...