本ページは microsoft access に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-62552 | Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally. | [email protected] | 7.8 | 0.55% | 2025-12-09 | 2025-12-09 |
| CVE-2025-59235 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | [email protected] | 7.1 | 0.60% | 2025-10-14 | 2025-10-16 |
| CVE-2025-59232 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | [email protected] | 7.1 | 0.44% | 2025-10-14 | 2025-10-16 |
| CVE-2025-26642 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | [email protected] | 7.8 | 0.70% | 2025-04-08 | 2025-07-09 |
| CVE-2025-26630 | Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally. | [email protected] | 7.8 | 0.92% | 2025-03-11 | 2025-07-03 |
| CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability | [email protected] | 7.8 | 1.00% | 2025-01-14 | 2025-07-01 |
| CVE-2025-21366 | Microsoft Access Remote Code Execution Vulnerability | [email protected] | 7.8 | 1.09% | 2025-01-14 | 2025-07-01 |
| CVE-2025-21186 | Microsoft Access Remote Code Execution Vulnerability | [email protected] | 7.8 | 1.12% | 2025-01-14 | 2025-07-01 |
| CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability | [email protected] | 7.8 | 1.03% | 2024-12-12 | 2025-01-17 |
| CVE-2020-1582 | A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users wh | [email protected] | 7.8 | 2.68% | 2020-08-17 | 2026-02-23 |
| CVE-2020-0760 | A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. | [email protected] | 8.8 | 8.61% | 2020-04-15 | 2024-11-21 |
| CVE-2018-8312 | A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office. | [email protected] | 7.8 | 19.55% | 2018-07-11 | 2024-11-21 |
| CVE-2018-0903 | Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability". | [email protected] | 7.8 | 16.13% | 2018-03-14 | 2024-11-21 |
| CVE-2015-2503 | Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 20 | [email protected] | 9.3 | 16.84% | 2015-11-11 | 2026-05-06 |
| CVE-2013-3157 | Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3155. | [email protected] | 9.3 | 21.51% | 2013-09-11 | 2026-04-29 |
| CVE-2013-3156 | Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access File Format Memory Corruption Vulnerability." | [email protected] | 9.3 | 20.02% | 2013-09-11 | 2026-04-29 |
| CVE-2013-3155 | Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3157. | [email protected] | 9.3 | 20.02% | 2013-09-11 | 2026-04-29 |
| CVE-2010-1881 | The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability." | [email protected] | 9.3 | 20.33% | 2010-07-15 | 2026-04-29 |
| CVE-2010-0814 | The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability." | [email protected] | 9.3 | 20.81% | 2010-07-15 | 2026-04-29 |
| CVE-2008-3068 | Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. | [email protected] | 7.5 | 17.40% | 2008-07-07 | 2026-04-23 |