CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-1582 – Microsoft Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1582
A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Access. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1582 •
CVSS: 8.8EPSS: 4%CPEs: 33EXPL: 0CVE-2020-0760
https://notcve.org/view.php?id=CVE-2020-0760
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. Hay una vulnerabilidad de ejecución de código remota cuando Microsoft Office carga inapropiadamente bibliotecas de tipos arbitrarios, también se conoce como "Microsoft Office Remote Code Execution Vulnerability". Este ID de CVE es diferente de CVE-2020-0991. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760 •
CVSS: 9.3EPSS: 29%CPEs: 3EXPL: 0CVE-2018-8312
https://notcve.org/view.php?id=CVE-2018-8312
A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office. Existe una vulnerabilidad de ejecución remota de código cuando Microsoft Access no gestiona correctamente objetos en la memoria. Esto también se conoce como "Microsoft Access Remote Code Execution Vulnerability". Esto afecta a Microsoft Access y Microsoft Office • http://www.securityfocus.com/bid/104645 http://www.securitytracker.com/id/1041254 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8312 •
CVSS: 7.8EPSS: 29%CPEs: 4EXPL: 0CVE-2018-0903
https://notcve.org/view.php?id=CVE-2018-0903
Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability". Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016 y Microsoft Office 2016 Click-to-Run permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestionan los objetos en la memoria. Esto también se conoce como "Microsoft Access Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/103315 http://www.securitytracker.com/id/1040503 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0903 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0028
https://notcve.org/view.php?id=CVE-2016-0028
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability." Outlook Web Access (OWA) en Microsoft Exchange Server 2013 SP1, Cumulative Update 11 y Cumulative Update 12 y 2016 Gold y Cumulative Update 1 no restringe correctamente la carga de elementos IMG, lo que facilita a atacantes remotos rastrear usuarios a través de un mensaje de e-mail HTML manipulado, también conocida como "Microsoft Exchange Information Disclosure Vulnerability". • http://www.securitytracker.com/id/1036106 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-079 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •