Remote Code Execution Vulnerability in Microsoft Access Products
CVE-2018-0903

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Access
Vendor
CVE Published:
14 March 2018

Summary

A vulnerability exists in Microsoft Access and Microsoft Office due to improper handling of objects in memory. This flaw allows an attacker to execute arbitrary code on the affected system. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user, potentially leading to unauthorized access to sensitive data or further system compromise.

Affected Version(s)

Microsoft Access Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run

References

http://www.securitytracker.com/id/1040503
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/103315
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

77% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.