Multiple vulnerabilities in Microsoft Windows

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Windows IOleCvt Interface can be exploited remotely via specially crafted website to execute arbitrary code.
2. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
3. An information disclosure vulnerability in Windows TCP/IP can be exploited remotely via specially crafted fragmented to obtain sensitive information.
4. A remote code execution vulnerability in OLE Automation can be exploited remotely via specially crafted website to execute arbitrary code.
5. A remote code execution vulnerability in MS XML can be exploited remotely via specially crafted website to execute arbitrary code.
6. A remote code execution vulnerability in Windows can be exploited remotely to execute arbitrary code.
7. An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information.
8. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
9. A remote code execution vulnerability in Windows VBScript Engine can be exploited remotely via specially crafted website to execute arbitrary code.
10. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
11. A remote code execution vulnerability in Hyper-V vSMB can be exploited remotely via specially crafted application to execute arbitrary code.
12. An information disclosure vulnerability in DirectX can be exploited remotely via specially crafted application to obtain sensitive information.
13. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
14. An elevation of privilege vulnerability in Windows CSRSS can be exploited remotely via specially crafted application to gain privileges.
15. An elevation of privilege vulnerability in Windows Admin Center can be exploited remotely to gain privileges.
16. A security feature bypass vulnerability in Windows can be exploited remotely to bypass security restrictions.
17. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
18. A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
19. An information disclosure vulnerability in Windows can be exploited remotely via specially crafted application to obtain sensitive information.

Fiches de renseignement originales

• CVE-2019-0845

• CVE-2019-0685
• CVE-2019-0688
• CVE-2019-0794
• CVE-2019-0795
• CVE-2019-0856
• CVE-2019-0803
• CVE-2019-0814
• CVE-2019-0792
• CVE-2019-0879
• CVE-2019-0842
• CVE-2019-0846
• CVE-2019-0796
• CVE-2019-0791
• CVE-2019-0793
• CVE-2019-0790
• CVE-2019-0786
• CVE-2019-0859
• CVE-2019-0837
• CVE-2019-0877
• CVE-2019-0802
• CVE-2019-0847
• CVE-2019-0805
• CVE-2019-0730
• CVE-2019-0849
• CVE-2019-0836
• CVE-2019-0735
• CVE-2019-0813
• CVE-2019-0731
• CVE-2019-0732
• CVE-2019-0840
• CVE-2019-0851
• CVE-2019-0844
• CVE-2019-0853
• CVE-2019-0838
• CVE-2019-0841
• CVE-2019-0848
• CVE-2019-0839

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Produits associés

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT

Liste CVE

• CVE-2019-0845
  critical
• CVE-2019-0685
  critical
• CVE-2019-0688
  critical
• CVE-2019-0794
  critical
• CVE-2019-0795
  critical
• CVE-2019-0856
  high
• CVE-2019-0803
  critical
• CVE-2019-0814
  high
• CVE-2019-0792
  critical
• CVE-2019-0879
  critical
• CVE-2019-0842
  critical
• CVE-2019-0846
  critical
• CVE-2019-0796
  high
• CVE-2019-0791
  critical
• CVE-2019-0793
  critical
• CVE-2019-0790
  critical
• CVE-2019-0786
  critical
• CVE-2019-0859
  critical
• CVE-2019-0837
  high
• CVE-2019-0877
  critical
• CVE-2019-0802
  high
• CVE-2019-0847
  critical
• CVE-2019-0805
  critical
• CVE-2019-0730
  critical
• CVE-2019-0849
  high
• CVE-2019-0836
  critical
• CVE-2019-0735
  critical
• CVE-2019-0813
  critical
• CVE-2019-0731
  critical
• CVE-2019-0732
  critical
• CVE-2019-0840
  high
• CVE-2019-0851
  critical
• CVE-2019-0844
  high
• CVE-2019-0853
  critical
• CVE-2019-0838
  critical
• CVE-2019-0841
  critical
• CVE-2019-0848
  high
• CVE-2019-0839
  warning

Liste KB

• 4493441
• 4493474
• 4493464
• 4493509
• 4493470
• 4493475
• 4493451
• 4493467
• 4493446
• 4493450
• 4493552
• 4530684

En savoir plus

Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com