Description
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Windows can be exploited remotely to gain privileges.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
- A remote code execution vulnerability in Windows OLE can be exploited remotely via specially crafted file to execute arbitrary code.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Internet Explorer can be exploited remotely via specially crafted content to obtain sensitive information.
- A spoofing vulnerability in Internet Explorer can be exploited remotely via specially crafted website to spoof user interface.
- A remote code execution vulnerability in Remote Desktop Services can be exploited remotely via specially crafted requests to execute arbitrary code.
- A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
- An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Windows DHCP Server can be exploited remotely via specially crafted packets to execute arbitrary code.
Original advisories
- CVE-2019-0918
- CVE-2019-0889
- CVE-2019-0885
- CVE-2019-0884
- CVE-2019-0882
- CVE-2019-0881
- CVE-2019-0758
- CVE-2019-0863
- CVE-2019-0890
- CVE-2019-0961
- CVE-2019-0898
- CVE-2019-0899
- CVE-2019-0930
- CVE-2019-0921
- CVE-2019-0708
- CVE-2019-0891
- CVE-2019-0893
- CVE-2019-0902
- CVE-2019-0903
- CVE-2019-0896
- CVE-2019-0895
- CVE-2019-0936
- CVE-2019-0897
- CVE-2019-0900
- CVE-2019-0725
- CVE-2019-0894
- CVE-2019-0901
- ADV190013
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Internet-Explorer
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
- Microsoft-Edge
CVE list
- CVE-2019-0921 high
- CVE-2019-0918 critical
- CVE-2019-0884 critical
- CVE-2019-0930 high
- CVE-2019-0895 critical
- CVE-2019-0889 critical
- CVE-2019-0863 critical
- CVE-2019-0758 high
- CVE-2019-0891 critical
- CVE-2019-0936 critical
- CVE-2019-0900 critical
- CVE-2019-0961 high
- CVE-2019-0903 critical
- CVE-2019-0885 critical
- CVE-2019-0894 critical
- CVE-2019-0708 critical
- CVE-2019-0893 critical
- CVE-2019-0902 critical
- CVE-2019-0896 critical
- CVE-2019-0882 high
- CVE-2019-0897 critical
- CVE-2019-0725 critical
- CVE-2019-0901 critical
- CVE-2019-0898 critical
- CVE-2019-0734 critical
- CVE-2019-0890 critical
- CVE-2019-0881 critical
- CVE-2019-0899 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!