CVE-2019-0784
Published 2019-04-09
Priority: P2 · 73 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 8.26% (94.2th percentile)
A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'.
Affected
43 ranges · showing 25

| Vendor | Product | Version range | Fixed in | Rows shown |
|---|---|---|---|---|
| microsoft | windows | — | — | 16 |
| microsoft | windows_10 | — | — | 5 |
| microsoft | windows_server | — | — | 2 |
| microsoft | windows_server_2008 | — | — | 1 |
| microsoft | windows_server_2012 | — | — | 1 |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered via a specially crafted website exploited through Internet Explorer; monitor for suspicious IE-initiated process activity or memory corruption events in msado*.dll / ADO components.
- The attack vector includes ActiveX controls marked 'safe for initialization' embedded in Office documents or in applications hosting the IE rendering engine; inspect Office documents for embedded ActiveX controls invoking ADO objects.
- Compromised or attacker-controlled websites serving user-provided content or advertisements are a delivery vector; consider alerting on IE navigating to sites with unusual ActiveX instantiation of ADO objects.
- Exploit status at the time of the advisory was 'Exploitation Less Likely' for both latest and older software releases, and the issue was not yet publicly disclosed or exploited in the wild; detection priority may be lower but should not be dismissed.
- Exploitation grants only the rights of the current user; impact is reduced if users are not running with administrative privileges (least-privilege enforcement is a meaningful mitigation).
CVSS provenance
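| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.5 | HIGH | — |
| vendor_msrc | — | 4.2 | MEDIUM | — |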
Microsoft
Windows ActiveX Remote Code Execution Vulnerability
vendor_msrc · 2019-03-12 · CVSS 4.2
CVE-2019-0784 [HIGH] Windows ActiveX Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that
GHSA
GHSA-fxr6-32v4-q59c
ghsa_unreviewed · 2022-05-13
CVE-2019-0784 [HIGH] CWE-787
A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'.
VulnCheck
Microsoft Windows Out-of-bounds Write
vulncheck · 2019 · CVSS 7.5
CVE-2019-0784 [HIGH] Microsoft Windows Out-of-bounds Write
A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.niiconsulting.com/Security_Advisories/Security_Advisory_Digest_April_edition_1_digest_pdf.pdf
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.