Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Windows can be exploited remotely to gain privileges.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
- A remote code execution vulnerability in Windows OLE can be exploited remotely via specially crafted file to execute arbitrary code.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Internet Explorer can be exploited remotely via specially crafted content to obtain sensitive information.
- A spoofing vulnerability in Internet Explorer can be exploited remotely via specially crafted website to spoof user interface.
- A remote code execution vulnerability in Remote Desktop Services can be exploited remotely via specially crafted requests to execute arbitrary code.
- A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
- An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Windows DHCP Server can be exploited remotely via specially crafted packets to execute arbitrary code.
Первичный источник обнаружения
- CVE-2019-0734
CVE-2019-0918
CVE-2019-0889
CVE-2019-0885
CVE-2019-0884
CVE-2019-0882
CVE-2019-0881
CVE-2019-0758
CVE-2019-0863
CVE-2019-0890
CVE-2019-0961
CVE-2019-0898
CVE-2019-0899
CVE-2019-0930
CVE-2019-0921
CVE-2019-0708
CVE-2019-0891
CVE-2019-0893
CVE-2019-0902
CVE-2019-0903
CVE-2019-0896
CVE-2019-0895
CVE-2019-0936
CVE-2019-0897
CVE-2019-0900
CVE-2019-0725
CVE-2019-0894
CVE-2019-0901
ADV190013
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Internet-Explorer
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
- Microsoft-Edge
Список CVE
- CVE-2019-0921 high
- CVE-2019-0918 critical
- CVE-2019-0884 critical
- CVE-2019-0930 high
- CVE-2019-0895 critical
- CVE-2019-0889 critical
- CVE-2019-0863 critical
- CVE-2019-0758 high
- CVE-2019-0891 critical
- CVE-2019-0936 critical
- CVE-2019-0900 critical
- CVE-2019-0961 high
- CVE-2019-0903 critical
- CVE-2019-0885 critical
- CVE-2019-0894 critical
- CVE-2019-0708 critical
- CVE-2019-0893 critical
- CVE-2019-0902 critical
- CVE-2019-0896 critical
- CVE-2019-0882 high
- CVE-2019-0897 critical
- CVE-2019-0725 critical
- CVE-2019-0901 critical
- CVE-2019-0898 critical
- CVE-2019-0734 critical
- CVE-2019-0890 critical
- CVE-2019-0881 critical
- CVE-2019-0899 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!