CVE-2019-0585

4 documents4 sources
Severity
8.8HIGH
EPSS
28.2%
top 3.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Microsoft Microsoft OfficeMicrosoft Microsoft Office Online ServerMicrosoft Microsoft Office Word Viewer+7 more
Timeline
PublishedJan 8
Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages12 packages

CVEListV5microsoft/microsoft_office_word_viewerMicrosoft Office Word Viewer
CVEListV5microsoft/microsoft_office_online_serverMicrosoft Office Online Server
CVEListV5microsoft/wordAutomation Services on Microsoft SharePoint Server 2010 Service Pack 2
NVDmicrosoft/word2010, 2013, 2016+2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-vwm3-pch6-j453: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote2022-05-13
CVEList
CVE-2019-0585: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote2019-01-08

📋Vendor Advisories

1
Microsoft
Microsoft Word Remote Code Execution Vulnerability2019-01-08
CVE-2019-0585 (HIGH CVSS 8.8) | A remote code execution vulnerabili | cvebase.io