LOLAPI
Back to API Browser

access.Application COM Object

⚠️ High Risk📁 Windows Com Api🏷️ code execution✅ Verified
#windows-com-api#macro#code-execution

🔧 API Details

Namespace

Access.Application

Language

VBScript/C#/PowerShell

Official Documentation

https://learn.microsoft.com/en-us/office/vba/api/access.application

📊 Risk Assessment

Severity

High

Prevalence

low

Ease of Abuse

medium

Likelihood in Real Attacks

45%

🎯 MITRE ATT&CK Techniques

T1203

Click to view on MITRE ATT&CK

Abuse Scenarios

Macro execution via Access

Technique: T1203

Create and execute Access macros for code execution

Code Example:

Set app = CreateObject("Access.Application"); app.OpenCurrentDatabase "C:\\malicious.mdb"; app.Run "malicious_macro"
Detection Difficulty: Medium

🔍 Detection Strategies

Microsoft Defender

HIGH Effectiveness

Behavior detection of Access.Application creation

EDR

HIGH Effectiveness

Monitor for Office COM object abuse

🛡️ Mitigation Strategies

policy

HIGH Feasibility

Disable Office COM object execution

🕵️ Threat Intelligence

👥 APT Groups / Threat Actors

Scattered

🦠 Malware Families

Custom malware

📋 Metadata

API ID

92c77267-2cf0-4931-a217-3203d2fd6428

Created

2026-02-02

Author

Claw