Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-0794: OLE Automation Remote Code Execution Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2019-0794: OLE Automation Remote Code Execution Vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

04/09/2019

Created

04/22/2019

Added

04/09/2019

Modified

11/18/2021

Description

A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke OLE automation through a web browser. However, an attacker would have to entice a user to visit such a website. The update addresses the vulnerability by correcting how OLE automation handles objects in memory.

Solution(s)

msft-kb4493441-30e70ea5-db98-4921-9fb6-cd711cbe111c
msft-kb4493441-c48d3b04-de61-45f8-aa09-19dcdcbf27cf
msft-kb4493441-d4df103d-2ae9-4b1a-a4a3-615b9cceb666
msft-kb4493448-26f5c961-e070-4dfd-87cc-fda0186b23b0
msft-kb4493448-3af9bacd-85de-4861-8f8b-ef48904e8ead
msft-kb4493448-75234a13-f3fc-42e1-8669-b816bbd0faa5
msft-kb4493448-8d9c650b-8e2e-4c88-a261-b0a9100b0a96
msft-kb4493448-9cd10498-a338-45d6-98f7-64e6c7e18418
msft-kb4493448-b1a7e411-ca24-4c4c-a8eb-3efb04a6fece
msft-kb4493450-6e622753-bade-47c0-97ec-3461b680bced
msft-kb4493450-9c079aa3-389b-483f-87fe-f1594a62ad59
msft-kb4493450-e7002d3e-f16b-455e-87dd-96ce17b836a6
msft-kb4493458-0f3ac7c5-f539-4756-80d3-cf14300ca829
msft-kb4493458-3679a90c-7337-4404-95af-f9f8ac2a65ff
msft-kb4493458-a23fd5ae-b1af-48df-8a46-8ad8b994f355
msft-kb4493464-1a60bdf0-0746-4b51-b98a-c7aa184e0e65
msft-kb4493464-2678ef0e-1396-499a-aa6d-7b5edc40c1ed
msft-kb4493464-8c293f3f-ae3d-46af-870d-ed61b2fe12e0
msft-kb4493467-0ec0675a-f389-4e13-8cab-86d750349338
msft-kb4493467-64c865f5-4bf6-4e45-8c54-6734dcc5f5ba
msft-kb4493467-8693f170-0aea-4539-bc72-feffa6e947ba
msft-kb4493470-1a4bffd2-85fe-4062-a441-4ed1ae1164ed
msft-kb4493470-48b60bdc-8a42-4ab2-9d6b-8abf391602c2
msft-kb4493470-5792a381-fac9-4f80-9148-7cadc95cd218
msft-kb4493474-bad85971-a8a3-4eb4-88fe-6f193063d0fe
msft-kb4493474-fac12f23-ce8e-4586-9a58-85df96b6f781
msft-kb4493475-c117f869-0b03-4b0c-85c1-493cb9a068a3
msft-kb4493475-c55d81dd-ec83-4223-a83c-d9af016c3f14
msft-kb4493509-08d3a825-29af-4ebd-b167-019a45e87fb8
msft-kb4493509-623b4e44-1f39-4496-9836-dc80be3ce2cc
msft-kb4493509-b866c1a6-ae98-449c-9285-c3008ae7bebc

References

https://attackerkb.com/topics/cve-2019-0794
CVE - 2019-0794
4493441
4493446
4493448
4493450
4493451
4493458
4493464
4493467
4493470
4493471
4493472
4493474
4493475
4493509

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-0794: OLE Automation Remote Code Execution Vulnerability

Microsoft CVE-2019-0794: OLE Automation Remote Code Execution Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.