CVE-2019-0888: A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.

Affected

48 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10_version_1507	>= 10.0.10240.0 < publication	publication
microsoft	windows_10_version_1607	>= 10.0.14393.0 < publication	publication
microsoft	windows_10_version_1703	>= 10.0.0 < publication	publication
microsoft	windows_10_version_1709	>= 10.0.0 < publication	publication
microsoft	windows_10_version_1709_for_32-bit_systems	>= 10.0.0 < publication	publication
microsoft	windows_10_version_1803	>= 10.0.0 < publication	publication
microsoft	windows_10_version_1809	>= 10.0.0 < publication	publication
microsoft	windows_10_version_1809	>= 10.0.17763.0 < publication	publication
microsoft	windows_10_version_1903_for_32-bit_systems	>= 10.0.0 < publication	publication
microsoft	windows_10_version_1903_for_arm64-based_systems	>= 10.0.0 < publication	publication
microsoft	windows_10_version_1903_for_x64-based_systems	>= 10.0.0 < publication	publication
microsoft	windows_7	>= 6.1.0 < publication	publication
microsoft	windows_7_service_pack_1	>= 6.1.0 < publication	publication
microsoft	windows_8.1	>= 6.3.0 < publication	publication
microsoft	windows_server_2008	—	—
microsoft	windows_server_2008_r2_service_pack_1	>= 6.1.7601.0 < publication	publication
microsoft	windows_server_2008_r2_systems_service_pack_1	>= 6.1.0 < publication	publication
microsoft	windows_server_2008_service_pack_2	>= 6.0.0 < publication	publication
microsoft	windows_server_2008_service_pack_2	>= 6.0.6003.0 < publication	publication