Description
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code, gain privileges.
Below is a complete list of vulnerabilities:
- A security feature bypass vulnerability in Microsoft Office can be exploited remotely via specially crafted file to bypass security restrictions.
- A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted website to spoof user interface.
- A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.
- An elevation of privilege vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web to gain privileges.
- A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.
- A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Excel can be exploited remotely via specially designed document to bypass security restrictions.
- A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.
- A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.
Original advisories
- CVE-2019-0670
- CVE-2019-0675
- CVE-2019-0668
- CVE-2019-0673
- CVE-2019-0604
- CVE-2019-0669
- CVE-2019-0672
- CVE-2019-0674
- CVE-2019-0594
- CVE-2019-0671
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Office-Professional-Plus-2010
- Microsoft-Office
- Microsoft-Excel
- Microsoft-Sharepoint-Server
CVE list
- CVE-2019-0540 high
- CVE-2019-0670 high
- CVE-2019-0675 critical
- CVE-2019-0668 critical
- CVE-2019-0673 critical
- CVE-2019-0604 critical
- CVE-2019-0669 high
- CVE-2019-0672 critical
- CVE-2019-0674 critical
- CVE-2019-0594 critical
- CVE-2019-0671 critical
KB list
- 4018313
- 4018300
- 4018294
- 4462174
- 4092465
- 4462138
- 4462146
- 4462154
- 4462143
- 4462139
- 4462155
- 4462171
- 4461630
- 4462115
- 4462177
- 4461597
- 4461608
- 4462186
- 4461607
- 4462199
- 4462184
- 4462202
- 4462211
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!