CVE-2021-38646
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
4.4%
p90
KEV
YES
Mar 28, 2022
Exploit Today
77
0-100
Published: — · Last modified: —
4.0%EPSS · 30 days4.4%
2026-06-302026-07-17
Product
Microsoft / Office
Vulnerability
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Added to KEV
Mar 28, 2022
Remediate by
Apr 18, 2022
Known ransomware use
Yes
Summary description
Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-38646
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2017-11882—100.0%
KEV—80Microsoft Office Memory Corruption Vulnerability—CVE-2023-23397—99.9%
KEV—80Microsoft Office Outlook Privilege Escalation Vulnerability—CVE-2015-1641—99.9%
KEV—80Microsoft Office Memory Corruption Vulnerability—CVE-2018-0798—99.9%
KEV—80Microsoft Office Memory Corruption Vulnerability—CVE-2018-0802—99.8%
KEV—80Microsoft Office Memory Corruption Vulnerability—CVE-2017-8570—99.8%
KEV—80Microsoft Office Remote Code Execution Vulnerability—