CVE-2021-38646: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2022-04-18

Exploited in the wild

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

14 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_365_apps_for_enterprise	>= 16.0.1 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_2013_service_pack_1	>= 15.0.0 < 5381.1000	5381.1000
microsoft	microsoft_office_2016	>= 16.0.0 < 5215.1000	5215.1000
microsoft	microsoft_office_2019	>= 19.0.0 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	office	—	—
microsoft	office	—	—
microsoft	office	—	—
msrc	microsoft_365_apps_for_enterprise_for_32-bit_systems	—	—
msrc	microsoft_365_apps_for_enterprise_for_64-bit_systems	—	—
msrc	microsoft_office_2013_rt_service_pack_1	—	—
msrc	microsoft_office_2013_service_pack_1	—	—
msrc	microsoft_office_2016	—	—
msrc	microsoft_office_2019_for_32-bit_editions	—	—
msrc	microsoft_office_2019_for_64-bit_editions	—	—

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

vulncheck7.8HIGH

cisa7.8HIGH