CVE-2019-0586

CWE-787Out-of-bounds Write4 documents4 sources
Severity
9.8CRITICAL
EPSS
20.8%
top 4.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Microsoft Exchange ServerMicrosoft Exchange Server
Timeline
PublishedJan 8
Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDmicrosoft/exchange_server2016, 2019+1
CVEListV5microsoft/microsoft_exchange_server2016 Cumulative Update 10, 2016 Cumulative Update 11, 2019+2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-qmqc-fwpv-mx4f: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microso2022-05-13
CVEList
CVE-2019-0586: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microso2019-01-08

📋Vendor Advisories

1
Microsoft
Microsoft Exchange Memory Corruption Vulnerability2019-01-08
CVE-2019-0586 (CRITICAL CVSS 9.8) | A remote code execution vulnerabili | cvebase.io