Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2019-0888

Опубликовано: 11 июн. 2019
Источник: msrc
CVSS3: 8.8
EPSS Средний

Описание

ActiveX Data Objects (ADO) Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges.

An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website.

The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.

Обновления

ПродуктСтатьяОбновление
Windows Server 2008 for Itanium-Based Systems Service Pack 2
45032734503287
Monthly RollupSecurity Only
Windows Server 2008 for 32-bit Systems Service Pack 2
45032734503287
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2
45032734503287
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
45032734503287
Monthly RollupSecurity Only
Windows 7 for 32-bit Systems Service Pack 1
45032924503269
Monthly RollupSecurity Only
Windows 7 for x64-based Systems Service Pack 1
45032924503269
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
45032924503269
Monthly RollupSecurity Only
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
45032924503269
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1
45032924503269
Monthly RollupSecurity Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
45032734503287
Monthly RollupSecurity Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 97%
0.40625
Средний

8.8 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-0888

CVSS3: 8.8
nvd
около 6 лет назад

A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.

github логотип

GHSA-j7gh-8q6h-qxr4

CVSS3: 8.8
github
около 3 лет назад

A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory, aka 'ActiveX Data Objects (ADO) Remote Code Execution Vulnerability'.

fstec логотип

BDU:2019-02200

CVSS3: 8.8
fstec
около 6 лет назад

Уязвимость интерфейса программирования приложений для доступа к данным ActiveX Data objects операционных систем Windows, связанная с ошибками обработки объектов в памяти, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 97%
0.40625
Средний

8.8 High

CVSS3