Microsoft Access vulnerabilities could allow remote code execution
Report ID: MS201309008
Date Published: 11 September 2013
Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft Access 2003
Microsoft Access 2010
Microsoft Access 2013
Summary
Three vulnerabilities reported in Microsoft Access could each be exploited into allowing an attacker to execute code on an affected system.
Detailed Description
Microsoft has released a security update to address three reported vulnerabilities in Microsoft Access. The vulnerabilities were caused by the way that Microsoft Access handles memory when opening files, and each of them could be exploited into allowing an attacker to execute arbitrary code on an affected system.
The vulnerabilities have been resolved in the latest security update by correcting the way that Microsoft Access validates data when opening files. Users are recommended to install the update to protect their system from exploit attempts.
CVE Reference
CVE-2013-3155, CVE-2013-3156, CVE-2013-3157
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-074)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
