CVE-2019-0885
published 2019-05-16CVE-2019-0885: A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution…
PriorityP347high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
14.35%
96.2th percentile
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.
Affected
66 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows OLE Remote Code Execution Vulnerability
vendor_msrc·2019-05-14·CVSS 7.8
CVE-2019-0885 [HIGH] Windows OLE Remote Code Execution Vulnerability
Windows OLE Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.
To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file or a program, causing Windows to execute arbitrary code.
The update addresses the vulnerability by correcting how Windows OLE validates user input.
Microsoft Windows: Microsoft Windows
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499181
Ref
GHSA
GHSA-g22c-7jx3-r485: A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution
ghsa_unreviewed·2022-05-24
CVE-2019-0885 [HIGH] CWE-20 GHSA-g22c-7jx3-r485: A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.
No detection rules found.
No public exploits indexed.
Trendmicro
Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
blogs_trendmicro·2019-05-15·CVSS 9.8
CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Sfruttamento vulnerabilità
## Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003.
By: Trend Micro Research May 15, 2019 Read time: ( words)
Save to Folio
Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point.
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this releas
Trendmicro
Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
blogs_trendmicro·2019-05-15·CVSS 9.8
CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Exploits & Vulnerabilities
# Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003.
By: Trend Micro Research
2019/05/15
Read time: ( words)
Save to Folio
Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point.
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release,
Trendmicro
Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
blogs_trendmicro·2019-05-15·CVSS 9.8
CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Exploits & Vulnerabilities
## Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003.
By: Trend Micro Research May 15, 2019 Read time: ( words)
Save to Folio
Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point.
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this releas
Trendmicro
Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
blogs_trendmicro·2019-05-15·CVSS 9.8
CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Exploits & Vulnerabilities
## Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003.
By: Trend Micro Research 2019/05/15 Read time: ( words)
Save to Folio
Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point.
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release,
Trendmicro
Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
blogs_trendmicro·2019-05-15·CVSS 9.8
CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Exploits & Vulnerabilities
# Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003.
By: Trend Micro Research
May 15, 2019
Read time: ( words)
Save to Folio
Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point.
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this releas
Trendmicro
Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
blogs_trendmicro·2019-05-15·CVSS 9.8
CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Ausnutzung von Schwachstellen
## Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003.
By: Trend Micro Research May 15, 2019 Read time: ( words)
Save to Folio
Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point.
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this rel
Trendmicro
Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
blogs_trendmicro·2019-05-15·CVSS 9.8
CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Exploits y vulnerabilidades
## Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003.
By: Trend Micro Research May 15, 2019 Read time: ( words)
Save to Folio
Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point.
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this relea
Zscaler
Zscaler found Multiple Security Vulnerabilities | 05-15-2019
blogs_zscaler·CVSS 6.5
[MEDIUM] Zscaler found Multiple Security Vulnerabilities | 05-15-2019
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
2019-05-16
Published