CVE-2019-0946 — Microsoft Office vulnerability

5 documents5 sources

Severity

7.8HIGHNVD

EPSS

24.2%

top 3.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office 365 Proplus Microsoft Office

Timeline

PublishedMay 16

Latest updateMay 24

Description

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0947.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDmicrosoft/office4 versions+3

▶CVEListV5microsoft/microsoft_office9 versions+8

▶CVEListV5microsoft/office_365_proplus32-bit Systems, 64-bit Systems+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-r7mx-32g8-mhc6: A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft↗2022-05-24

▶

CVEList

CVE-2019-0946: A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft↗2019-05-16

▶

📋Vendor Advisories

Microsoft

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability↗2019-05-14

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Code execution vulnerability in Microsoft Media Foundation↗2020-02-11

▶