CVE-2019-0675 - A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im

CVE-2019-0675

Summary

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-2019-0674.

References

http://www.securityfocus.com/bid/106932
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0675

Vulnerable Configurations

cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	106932
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0675

Last major update

24-08-2020 - 17:37

Published

05-03-2019 - 23:29

Last modified

24-08-2020 - 17:37