Wednesday, February 28, 2018

Telspace Systems Security Advisory (TSA-2018-001)

Security Advisory

TSA-2018-001: Microsoft Access Information Disclosure Vulnerability

CVE Number: CVE-2018-0853


An information disclosure vulnerability exists when Microsoft Office Access software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.

Details and crash information


72edd1ce f3a4            rep movs byte ptr es:[edi],byte ptr [esi]

Vendor: Microsoft

Product: Access

Version: 16.0.8625.2127

Vendor URLs:

Vendor Response

The vendor has patched the vulnerability and released a new version.

Disclosure Timeline

  • 23-11-2017 – Initial Discovery
  • 25-11-2017 – Vendor Notification
  • 19-01-2018 – Vendor Patch
  • 13-02-2018 – Public Disclosure


This vulnerability was discovered by Dmitri Kaslov of Telspace Systems

No comments: