CVE-2018-0903
4 documents4 sources
Severity
7.8HIGH
EPSS
30.5%
top 3.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 14
Latest updateMay 13
Description
Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability".
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5microsoft_corporation/microsoft_accessMicrosoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-mjgr-cmwp-6j8c: Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vuln↗2022-05-13
CVEList▶
CVE-2018-0903: Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vuln↗2018-03-14