CVE-2019-0586 - A remote code execution vulnerability exists in Microsoft Exchange software when the software fails

CVE-2019-0586

Summary

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	106421
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0586

Last major update

24-08-2020 - 17:37

Published

08-01-2019 - 21:29

Last modified

24-08-2020 - 17:37