Skip to main content

Access CVE-2018-0903

HIGH
2018-03-14 secure@microsoft.com
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 14, 2018 - 17:29 nvd
HIGH 7.8

DescriptionNVD

Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability".

AnalysisAI

Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability". Affected products include: Microsoft Access, Microsoft Office.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Access

View all
CVE-2013-3157 CRITICAL
9.3 Sep 11

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary c

CVE-2013-3155 CRITICAL
9.3 Sep 11

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary c

CVE-2013-3156 CRITICAL
9.3 Sep 11

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary c

CVE-2015-2503 CRITICAL
9.3 Nov 11

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, P

CVE-2019-11898 CRITICAL
9.9 Sep 12

Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. Rated cr

CVE-2019-18780 CRITICAL
9.8 Nov 05

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthentica

CVE-2017-6399 HIGH
8.8 Mar 02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVS

CVE-2017-6406 HIGH
8.8 Mar 02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVS

CVE-2017-6400 HIGH
8.8 Mar 02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVS

CVE-2020-0760 HIGH
8.8 Apr 15

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Micro

CVE-2025-26642 HIGH
7.8 Apr 08

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVS

CVE-2024-49142 HIGH
7.8 Dec 12

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentic

Share

CVE-2018-0903 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy