Exploit/Advisories Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on May 14th, 2019 📆 | 6349 Views ⚑

0

Microsoft Windows up to Server 2019 OLE memory corruption


Convert Text to Speech

CVSS Meta Temp Score Current Exploit Price (≈)
6.8 $5k-$25k

A vulnerability has been found in Microsoft Windows (Operating System) and classified as critical. This vulnerability affects a functionality of the component OLE. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was presented 05/14/2019 as confirmed security update guide (Website). The advisory is available at portal.msrc.microsoft.com. The public release was coordinated in cooperation with the vendor. This vulnerability was named CVE-2019-0885. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 05/14/2019). The advisory points out:

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

See 134699 and 134700 for similar entries.

Vendor

Name

VulDB Meta Base Score: 7.1
VulDB Meta Temp Score: 6.8

VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: ?
VulDB Reliability: ?

Vendor Base Score (Microsoft): 7.8
Vendor Vector (Microsoft): ?





AV AC Au C I A
? ? ? ? ? ?
? ? ? ? ? ?
? ? ? ? ? ?
Vector Complexity Authentication Confidentiality Integrity Availability
unlock unlock unlock unlock unlock unlock
unlock unlock unlock unlock unlock unlock
unlock unlock unlock unlock unlock unlock


VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Memory corruption (CWE-119)
Local: No
Remote: Yes

Availability: ?
Status: Not defined

Price Prediction: ?
Current Price Estimation: ?


0-Day unlock unlock unlock unlock
Today unlock unlock unlock unlock

Threat Intelligenceinfoedit

Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: Patch
Status: ?
Reaction Time: ?
0-Day Time: ?
Exposure Time: ?05/14/2019 Advisory disclosed
05/14/2019 +0 days Countermeasure disclosed
05/14/2019 +0 days VulDB entry created
05/14/2019 +0 days VulDB last updateAdvisory: portal.msrc.microsoft.com
Status: Confirmed
Coordinated: ?

CVE: CVE-2019-0885 (?)
scip Labs: https://www.scip.ch/en/?labs.20161215
See also: ?

Created: 05/14/2019 09:18 PM
Complete: ?

Comments

No comments yet. Please log in to comment.

Download it now for free!

https://vuldb.com/?id.134698

Tagged with:



Comments are closed.






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑