CVE-2019-0947 — Microsoft Office vulnerability

4 documents4 sources

Severity

7.8HIGHNVD

EPSS

24.2%

top 3.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office

Timeline

PublishedMay 16

Latest updateMay 24

Description

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0946.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/office2010

▶CVEListV5microsoft/microsoft_office2010 Service Pack 2 (32-bit editions), 2010 Service Pack 2 (64-bit editions)+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-xjmr-f49m-496p: A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft↗2022-05-24

▶

CVEList

CVE-2019-0947: A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft↗2019-05-16

▶

📋Vendor Advisories

Microsoft

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability↗2019-05-14

▶