Lucene search

MicrosoftMS:CVE-2019-1146

HistoryAug 13, 2019 - 7:00 a.m.

Jet Database Engine Remote Code Execution Vulnerability

2019-08-1307:00:00

Microsoft

msrc.microsoft.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.014

Percentile

86.9%

JSON

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

Affected configurations

Vulners

Node

microsoftwindows_server_2019Range<2019-Aug

microsoftwindows_10_1809_for_arm64-based_systemsRange<2019-Aug

microsoftwindows_10_1809_for_x64-based_systemsRange<2019-Aug

microsoftwindows_10_1809_for_32-bit_systemsRange<2019-Aug

microsoftwindows_10_1803_for_arm64-based_systemsRange<2019-Aug

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2019-Aug

microsoftwindows_10_1803_for_x64-based_systemsRange<2019-Aug

microsoftwindows_10_1803_for_32-bit_systemsRange<2019-Aug

microsoftwindows_defender_on_windows_10_1703_for_x64-based_systemsRange<2019-Aug

microsoftwindows_defender_on_windows_10_1703_for_32-bit_systemsRange<2019-Aug

microsoftwindows_10_1903_for_x64-based_systemsRange<2019-Aug

microsoftwindows_10_2004_for_32-bit_systemsRange<2019-Aug

microsoftwindows_server\,_version_1903Range<2019-Aug

microsoftwindows_10_1903_for_arm64-based_systemsRange<2019-Aug

microsoftwindows_10_1903_for_x64-based_systemsRange<2019-Aug

microsoftwindows_10_1903_for_32-bit_systemsRange<2019-Aug

microsoftwindows_10_1709_for_arm64-based_systemsRange<2019-Aug

microsoftwindows_10_1709_for_x64-based_systemsRange<2019-Aug

microsoftwindows_10_1709_for_32-bit_systemsRange<2019-Aug

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2019-Aug

microsoftwindows_server_2012Range<2019-Augr2

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2019-Aug

microsoftwindows_server_2012Range<2019-Aug

microsoftwindows_server_2008Range<2019-Augr2x64

microsoftwindows_server_2008_r2Range<2019-Augsp1itanium

microsoftwindows_server_2008Range<2019-Augx64

microsoftwindows_server_2008Range<2019-Augitanium

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2019-Aug

microsoftwindows_10_2004_for_32-bit_systemsRange<2019-Aug

microsoftwindows_rt_8.1Range<2019-Aug

microsoftwindows_10_1903_for_x64-based_systemsRange<2019-Aug

microsoftwindows_10_2004_for_32-bit_systemsRange<2019-Aug

microsoftwindows_10_1903_for_x64-based_systemsRange<2019-Aug

microsoftwindows_10_2004_for_32-bit_systemsRange<2019-Aug

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2019-Aug

microsoftwindows_server_2016Range<2019-Aug

microsoftwindows_defender_on_windows_10_1607_for_x64-based_systemsRange<2019-Aug

microsoftwindows_defender_on_windows_10_1607_for_32-bit_systemsRange<2019-Aug

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.014

Percentile

86.9%

JSON

Related for MS:CVE-2019-1146