CVE-2019-0888 — Microsoft Windows 10 Version 1507 vulnerability

4 documents4 sources

Severity

8.8HIGHNVD

EPSS

57.1%

top 1.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1703 +19 more

Timeline

PublishedJun 12

Latest updateMay 24

Description

A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages22 packages

▶CVEListV5microsoft/windows_76.1.0 — publication

▶CVEListV5microsoft/windows_8.16.3.0 — publication

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — publication

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — publication

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-j7gh-8q6h-qxr4: A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory, aka 'ActiveX Data Objects (ADO) Remo↗2022-05-24

▶

CVEList

ActiveX Data Objects (ADO) Remote Code Execution Vulnerability↗2019-06-12

▶

📋Vendor Advisories

Microsoft

ActiveX Data Objects (ADO) Remote Code Execution Vulnerability↗2019-06-11

▶