Every CVE whose affected-product data names Microsoft Access, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2000-0788 — CVSS 10.0 (critical): The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which…
CVE-2006-3877 — CVSS 9.3 (critical): Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac…
CVE-2008-1200 — CVSS 9.3 (critical): Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file…
CVE-2010-0814 — CVSS 9.3 (critical): The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with…
CVE-2010-1881 — CVSS 9.3 (critical): The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly…
CVE-2013-3155 — CVSS 9.3 (critical): Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a…
CVE-2013-3156 — CVSS 9.3 (critical): Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a…
CVE-2013-3157 — CVSS 9.3 (critical): Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a…
CVE-2020-0760 — CVSS 8.8 (high): A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote…
CVE-2025-26630 — CVSS 7.8 (high): Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.
CVE-2025-62552 — CVSS 7.8 (high): Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.
CVE-2020-1582 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An…
CVE-2025-26642 — CVSS 7.8 (high): Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2018-0903 — CVSS 7.8 (high): Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code…
CVE-2018-8312 — CVSS 7.8 (high): A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote…
CVE-2000-0419 — CVSS 7.5 (high): The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via…
CVE-2003-0665 — CVSS 7.5 (high): Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to…
CVE-2008-3068 — CVSS 7.5 (high): Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation…
CVE-2025-59235 — CVSS 7.1 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-59232 — CVSS 7.1 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2007-6357 — CVSS 5.8 (medium): Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted…