Lucene search

MicrosoftCVE-2019-0823

HistoryApr 09, 2019 - 9:29 p.m.

CVE-2019-0823

2019-04-0921:29:01

microsoft

web.nvd.nist.gov

cve-2019-0823

microsoft office

access connectivity engine

remote code execution

vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.023

Percentile

89.8%

JSON

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0824, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827.

Affected configurations

Nvd

Vulners

Node

microsoftofficeMatch2010sp2

VendorProductVersionCPE
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2::::::

CNA Affected

[
  {
    "product": "Microsoft Office",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2010 Service Pack 2 (32-bit editions)"
      },
      {
        "status": "affected",
        "version": "2010 Service Pack 2 (64-bit editions)"
      }
    ]
  }
]