Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Access
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 19 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-07-15 | CVE-2010-0814 | The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability." | Access | N/A | ||
| 2008-07-07 | CVE-2008-3068 | Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. | Access, Excel, Frontpage, Groove, Infopath, Office, Office_communicator, Onenote, Outlook, Powerpoint, Project_professional, Project_standard, Publisher, Sharepoint_designer, Visio_professional, Visio_standard, Windows_live_mail | N/A | ||
| 2008-03-06 | CVE-2008-1200 | Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026. | Access, Jet | N/A | ||
| 2007-12-15 | CVE-2007-6357 | Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944. | Access | N/A | ||
| 2007-02-03 | CVE-2007-0671 | Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | Access, Excel, Excel_viewer, Frontpage, Infopath, Office, Onenote, Outlook, Powerpoint, Project, Publisher, Visio, Word, Word_viewer | N/A | ||
| 2006-10-10 | CVE-2006-3877 | Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. | Access, Excel, Excel_viewer, Frontpage, Infopath, Office, Onenote, Outlook, Powerpoint, Project, Publisher, Visio, Word, Word_viewer | N/A | ||
| 2003-10-20 | CVE-2003-0665 | Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control. | Access | N/A | ||
| 2000-05-11 | CVE-2000-0419 | The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. | Access, Excel, Frontpage, Office, Outlook, Photodraw_2000, Powerpoint, Project, Word, Works | N/A | ||
| 1999-01-01 | CVE-1999-0364 | Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. | Total_vb_sourcebook, Access | N/A |