A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.
http://www.securityfocus.com/bid/106402
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541
Source: MITRE
Published: 2019-01-08
Updated: 2020-09-28
Type: CWE-77
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH
AND
OR
OR
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
OR
cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*
AND
OR
OR
AND
OR
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
121025 | Security Updates for Microsoft Office Viewer Products (January 2019) | Nessus | Windows : Microsoft Bulletins | high |
121024 | Security Updates for Microsoft Office Products (January 2019) | Nessus | Windows : Microsoft Bulletins | high |
121023 | Security Updates for Internet Explorer (January 2019) | Nessus | Windows : Microsoft Bulletins | high |
121019 | KB4480972: Windows Server 2012 January 2019 Security Update | Nessus | Windows : Microsoft Bulletins | high |
121018 | KB4480973: Windows 10 Version 1703 January 2019 Security Update | Nessus | Windows : Microsoft Bulletins | high |
121017 | KB4480960: Windows 7 and Windows Server 2008 R2 January 2019 Security Update | Nessus | Windows : Microsoft Bulletins | high |
121016 | KB4480957: Windows Server 2008 January 2019 Security Update | Nessus | Windows : Microsoft Bulletins | high |
121014 | KB4480964: Windows 8.1 and Windows Server 2012 R2 January 2019 Security Update | Nessus | Windows : Microsoft Bulletins | high |
121013 | KB4480962: Windows 10 January 2019 Security Update | Nessus | Windows : Microsoft Bulletins | high |
121012 | KB4480961: Windows 10 Version 1607 and Windows Server 2016 January 2019 Security Update | Nessus | Windows : Microsoft Bulletins | high |
121011 | KB4480116: Windows 10 Version 1809 and Windows Server 2019 January 2019 Security Update | Nessus | Windows : Microsoft Bulletins | high |