Microsoft Access vulnerabilities

27 known vulnerabilities affecting microsoft/access.

Total CVEs

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL10HIGH17

Vulnerabilities

Page 1 of 2

CVE-2025-62552HIGHCVSS 7.8v20162025-12-09

CVE-2025-62552 [HIGH] CWE-23 CVE-2025-62552: Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code l Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.

nvd

CVE-2025-59235HIGHCVSS 7.1v20162025-10-14

CVE-2025-59235 [HIGH] CWE-125 CVE-2025-59235: Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

nvd

CVE-2025-59232HIGHCVSS 7.1v20162025-10-14

CVE-2025-59232 [HIGH] CWE-125 CVE-2025-59232: Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

nvd

CVE-2025-26642HIGHCVSS 7.8v20162025-04-08

CVE-2025-26642 [HIGH] CWE-125 CVE-2025-26642: Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

nvd

CVE-2025-26630HIGHCVSS 7.8v20162025-03-11

CVE-2025-26630 [HIGH] CWE-416 CVE-2025-26630: Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally. Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.

nvd

CVE-2025-21186HIGHCVSS 7.8v20162025-01-14

CVE-2025-21186 [HIGH] CWE-122 CVE-2025-21186: Microsoft Access Remote Code Execution Vulnerability Microsoft Access Remote Code Execution Vulnerability

nvd

CVE-2025-21366HIGHCVSS 7.8v20162025-01-14

CVE-2025-21366 [HIGH] CWE-416 CVE-2025-21366: Microsoft Access Remote Code Execution Vulnerability Microsoft Access Remote Code Execution Vulnerability

nvd

CVE-2025-21395HIGHCVSS 7.8v20162025-01-14

CVE-2025-21395 [HIGH] CWE-122 CVE-2025-21395: Microsoft Access Remote Code Execution Vulnerability Microsoft Access Remote Code Execution Vulnerability

nvd

CVE-2024-49142HIGHCVSS 7.8v20162024-12-12

CVE-2024-49142 [HIGH] CWE-416 CVE-2024-49142: Microsoft Access Remote Code Execution Vulnerability Microsoft Access Remote Code Execution Vulnerability

nvd

CVE-2020-1582HIGHCVSS 7.8v2010v2013+1 more2020-08-17

CVE-2020-1582 [HIGH] CVE-2020-1582: A remote code execution vulnerability exists in Microsoft Access software when the software fails to A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affec

nvd

CVE-2020-0760HIGHCVSS 8.8v2010v2013+1 more2020-04-15

CVE-2020-0760 [HIGH] CVE-2020-0760: A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type l A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.

nvd

CVE-2018-8312HIGHCVSS 7.8v2013v20162018-07-11

CVE-2018-8312 [HIGH] CVE-2018-8312: A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.

nvd

CVE-2018-0903HIGHCVSS 7.8v2010v2013+1 more2018-03-14

CVE-2018-0903 [HIGH] CVE-2018-0903: Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 20 Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability".

nvd

CVE-2015-2503CRITICALCVSS 9.3v2007v2010+2 more2015-11-11

CVE-2015-2503 [CRITICAL] CWE-264 CVE-2015-2503: Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word

nvd

CVE-2013-3157CRITICALCVSS 9.3v2007v2010+1 more2013-09-11

CVE-2013-3157 [CRITICAL] CVE-2013-3157: Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3155.

nvd

CVE-2013-3156CRITICALCVSS 9.3v2007v2010+1 more2013-09-11

CVE-2013-3156 [CRITICAL] CWE-119 CVE-2013-3156: Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access File Format Memory Corruption Vulnerability."

nvd

CVE-2013-3155CRITICALCVSS 9.3v2007v2010+1 more2013-09-11

CVE-2013-3155 [CRITICAL] CWE-119 CVE-2013-3155: Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3157.

nvd

CVE-2010-1881CRITICALCVSS 9.3v20032010-07-15

CVE-2010-1881 [CRITICAL] CWE-94 CVE-2010-1881: The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Off The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HT

nvd

CVE-2010-0814CRITICALCVSS 9.3v2003v20072010-07-15

CVE-2010-0814 [CRITICAL] CWE-94 CVE-2010-0814: The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the

nvd

CVE-2008-3068HIGHCVSS 7.5v20072008-07-07

CVE-2008-3068 [HIGH] CVE-2008-3068: Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan

nvd

1 / 2Next →