CVSS: 7.8EPSS: 5%CPEs: 5EXPL: 0CVE-2020-1582 – Microsoft Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1582
17 Aug 2020 — A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1582 •
CVSS: 8.8EPSS: 37%CPEs: 33EXPL: 0CVE-2020-0760
https://notcve.org/view.php?id=CVE-2020-0760
15 Apr 2020 — A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. Hay una vulnerabilidad de ejecución de código remota cuando Microsoft Office carga inapropiadamente bibliotecas de tipos arbitrarios, también se conoce como "Microsoft Office Remote Code Execution Vulnerability". Este ID de CVE es diferente de CVE-2020-0991. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760 •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 4CVE-2018-12571 – Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction
https://notcve.org/view.php?id=CVE-2018-12571
02 Jul 2018 — uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome. uniquesig0/InternalSite/InitParams.aspx en Microsoft Forefront Unified Access Gateway 2010 permite que atacantes remotos desencadenen consultas DNS salientes para hosts arbitrarios mediante una lista de URL separadas por ... • https://packetstorm.news/files/id/148389 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 17%CPEs: 4EXPL: 0CVE-2018-0903
https://notcve.org/view.php?id=CVE-2018-0903
14 Mar 2018 — Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability". Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016 y Microsoft Office 2016 Click-to-Run permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestionan los objetos en la memoria. Esto tambié... • http://www.securityfocus.com/bid/103315 •
CVSS: 9.3EPSS: 31%CPEs: 44EXPL: 0CVE-2015-2503
https://notcve.org/view.php?id=CVE-2015-2503
11 Nov 2015 — Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visi... • http://www.securitytracker.com/id/1034117 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 11%CPEs: 7EXPL: 0CVE-2014-3802 – Microsoft DIA SDK msdia.dll Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2014-3802
14 May 2014 — msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file. msdia.dll en Microsoft Debug Interface Access (DIA) SDK, distribuido en Microsoft Visual Studio anterior a 2013, no valida debidamente una variable no especificada antes ... • http://www.securityfocus.com/bid/67398 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 41%CPEs: 7EXPL: 0CVE-2013-3155
https://notcve.org/view.php?id=CVE-2013-3155
11 Sep 2013 — Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3157. Microsoft Access 2007 SP3, 2010 SP1 y SP2, y 2013 en Microsoft Office permite a atacantes remotos ejecutar código arbritrario o provocar una denegación de servicio (corrupción de memoria) a través de un fichero Access ma... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 47%CPEs: 7EXPL: 0CVE-2013-3156
https://notcve.org/view.php?id=CVE-2013-3156
11 Sep 2013 — Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access File Format Memory Corruption Vulnerability." Microsoft Access 2007 SP3, 2010 SP1 y SP2, y 2013 en Microsoft Office permite a un atacante remoto ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria) a través de un archivo Access manipulado, tambien conocida como "... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 47%CPEs: 7EXPL: 0CVE-2013-3157
https://notcve.org/view.php?id=CVE-2013-3157
11 Sep 2013 — Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3155. Microsoft Access 2007 SP3, 2010 SP1 y SP2, y 2013 en Microsoft Office permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria) a través de un fichero Access manipulad... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 25%CPEs: 2EXPL: 0CVE-2012-0146
https://notcve.org/view.php?id=CVE-2012-0146
10 Apr 2012 — Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability." Vulnerabilidad de redirección abierta en Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 permite a atacantes remotos redireccionar usuarios a sitios Web de su elección y conducir ataques de Phising a través de URL manipul... • http://osvdb.org/81131 • CWE-20: Improper Input Validation •