14 matches found
CVE-2020-0760
CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...
CVE-2020-1582
CVE-2020-1582 is a Microsoft Access remote code execution vulnerability caused by improper handling of in-memory objects. An attacker could run arbitrary code in the caller’s context by convincing a user to open a specially crafted Access file; if the user has administrative rights, system takeov...
CVE-2025-26630
CVE-2025-26630 is a use-after-free vulnerability in Microsoft Office Access that can allow a local attacker to execute arbitrary code. The issue affects Microsoft Access/Office components and is rated CVSS v3.1 base score 7.8 (High) with Local attack vector, Privileges None, User Interaction requ...
CVE-2025-21395
CVE-2025-21395 is a Microsoft Access remote code execution vulnerability. Documents indicate it affects Microsoft Access/Office components and is exploitable by convincing a target to download and run a malicious file via social engineering. CVSSv3.1 data shows Local attack vector, Privileges Req...
CVE-2025-26642
CVE-2025-26642 is a Microsoft Office remote code execution vulnerability (out-of-bounds read) that allows a local attacker to run code on the victim’s machine. Public details in connected documents indicate the issue affects Office components (e.g., Excel) and can be triggered via crafted inputs ...
CVE-2025-21186
CVE-2025-21186 is a Microsoft Access remote code execution vulnerability. Public details in connected sources indicate a heap-based buffer overflow in Microsoft Access (notably Access 2016, 32/64‑bit) that could allow arbitrary code execution when a user opens a crafted file or input. Exploitatio...
CVE-2015-2503
CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...
CVE-2025-21366
CVE-2025-21366 is a Microsoft Access remote code execution vulnerability. Connected sources confirm an Access/Office component impact with a patch released in January 2025 (KB5002670) for Access 2016 (32- and 64-bit). Exploitation details in the provided documents indicate social‑engineering deli...
CVE-2024-49142
CVE-2024-49142 is a Microsoft Access remote code execution vulnerability. Connected sources confirm a vulnerability in Microsoft Access that allows arbitrary code execution when a malicious file is opened or run, and Microsoft released a security update to address it (KB5002641 for Access 2016). ...
CVE-2018-8312
CVE-2018-8312 targets Microsoft Access and Microsoft Office. The vulnerability is described as a remote code execution flaw caused by improper handling of objects in memory, allowing an attacker to run arbitrary code when a user opens a crafted file. In public connected materials, related advisor...
CVE-2018-0903
CVE-2018-0903 affects Microsoft Access products: Access 2010 SP2, Access 2013 SP1, Access 2016, and Office 2016 Click-to-Run. The issue is a remote code execution vulnerability caused by how objects are handled in memory, allowing arbitrary code execution when a user opens a specially crafted fil...
CVE-2025-62552
CVE-2025-62552 describes a relative path traversal in Microsoft Access that allows a local attacker to execute code. Affected products include Microsoft Office/Access components across Office 2016 and later suites; the root cause is path traversal in Access which can lead to remote code execution...
CVE-2025-59235
CVE-2025-59235 is an information-disclosure vulnerability in Microsoft Excel (Office) caused by an out-of-bounds read. Public sources in the connected docs consistently identify the affected component as Excel within the Microsoft Office suite and link the issue to Excel information-disclosure mi...
CVE-2025-59232
CVE-2025-59232 is an information-disclosure vulnerability in Microsoft Excel (part of Microsoft Office) caused by an out-of-bounds read that can disclose local data. The issue affects Excel components within Office; remediation is available via Microsoft Office security updates released October 2...