Skip to main content

Access CVE-2013-3155

CRITICAL
Buffer Overflow (CWE-119)
2013-09-11 secure@microsoft.com
9.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
AV:N/AC:M/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Sep 11, 2013 - 14:03 cve.org
CRITICAL 9.3

DescriptionCVE.org

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3157.

AnalysisAI

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 58.0% and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3157. Affected products include: Microsoft Access.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Access

View all
CVE-2013-3157 CRITICAL
9.3 Sep 11

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary c

CVE-2013-3156 CRITICAL
9.3 Sep 11

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary c

CVE-2015-2503 CRITICAL
9.3 Nov 11

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, P

CVE-2019-11898 CRITICAL
9.9 Sep 12

Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. Rated cr

CVE-2019-18780 CRITICAL
9.8 Nov 05

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthentica

CVE-2017-6399 HIGH
8.8 Mar 02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVS

CVE-2017-6406 HIGH
8.8 Mar 02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVS

CVE-2017-6400 HIGH
8.8 Mar 02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVS

CVE-2020-0760 HIGH
8.8 Apr 15

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Micro

CVE-2025-26642 HIGH
7.8 Apr 08

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVS

CVE-2024-49142 HIGH
7.8 Dec 12

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentic

CVE-2020-1582 HIGH
7.8 Aug 17

A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle obj

Share

CVE-2013-3155 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy