Vulnerability CVE-2019-0541


Published: 2019-01-08

Description:
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.

See advisories in our WLB2 database:
Topic
Author
Date
High
Microsoft Windows MSHTML Engine "Edit" Remote Code Execution
Eduardo Braun Pr...
17.03.2019

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Microsoft -> Excel viewer 
Microsoft -> Internet explorer 
Microsoft -> Office 
Microsoft -> Office 365 proplus 
Microsoft -> Office word viewer 

 References:
http://www.securityfocus.com/bid/106402
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541
https://www.exploit-db.com/exploits/46536/

Copyright 2024, cxsecurity.com

 

Back to Top