MS Access RCE via malformed file format
CVE-2024-49142 Published on December 12, 2024

Microsoft Access Remote Code Execution Vulnerability
Microsoft Access Remote Code Execution Vulnerability

Vendor Advisory NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2024-49142 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2024-49142

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Access

Microsoft Office

Microsoft 365 Apps

Microsoft Office Long Term Servicing Channel

Affected Versions

Microsoft Office 2019:

Version 19.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft 365 Apps for Enterprise:

Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Office LTSC 2021:

Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Office LTSC 2024:

Version 1.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Access 2016 (32-bit edition):

Version 16.0.0 and below 16.0.5478.1004 is affected.

Microsoft Access 2016 (64-bit edition):

Version 16.0.0 and below 16.0.5478.1004 is affected.

Exploit Probability

EPSS

0.60%

Percentile

69.19%