CVE-2019-0673

EUVD-2019-1433
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0674, CVE-2019-0675.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
microsoftoffice_365_proplus
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4493475
1607 (x64, x86)
KB4493470
1703 (x64, x86)
KB4493474
1709 (arm64, x64, x86)
KB4493441
1803 (arm64, x64, x86)
KB4493464
1809 (arm64, x64, x86)
KB4493509
Windows 7
Service Pack 1 (x64, x86)
KB4493472
Windows 8.1
(x64, x86)
KB4493467
Windows RT 8.1
All
KB4493446
Windows Server
1709 Server Core
KB4493441
1803 Server Core
KB4493464
Windows Server 2008
Service Pack 2 (x64, x86)
KB4493471
Service Pack 2 Server Core (x64, x86)
KB4493471
Windows Server 2008 R2
Service Pack 1 (x64)
KB4493472
Service Pack 1 Server Core (x64)
KB4493472
Windows Server 2012
Server Core
KB4493451
Standard
KB4493451
Windows Server 2012 R2
Server Core
KB4493467
Standard
KB4493467
Windows Server 2016
Server Core
KB4493470
Standard
KB4493470
Windows Server 2019
Server Core
KB4493509
Standard
KB4493509
References
http://www.securityfocus.com/bid/106930
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0673
http://www.securityfocus.com/bid/106930
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0673