Microsoft Word CVE-2019-0585 Remote Code Execution Vulnerability
BID:106392
CVE-2019-585 |Info
Microsoft Word CVE-2019-0585 Remote Code Execution Vulnerability
| Bugtraq ID: | 106392 |
| Class: | Input Validation Error |
| CVE: |
CVE-2019-0585 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 08 2019 12:00AM |
| Updated: | Jan 08 2019 12:00AM |
| Credit: | Jaanus Kp, Clarified Security working with Trend Micro's Zero Day Initiative |
| Vulnerable: |
Microsoft Word Automation Services on Microsoft SharePoint Server 2010 SP2 0 Microsoft Word 2016 (64-bit edition) 0 Microsoft Word 2016 (32-bit edition) 0 Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 RT Service Pack 1 0 Microsoft Word 2010 Service Pack 2 (64-bit editions) 0 Microsoft Word 2010 Service Pack 2 (32-bit editions) 0 Microsoft SharePoint Server 2019 0 Microsoft SharePoint Enterprise Server 2016 0 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft Office Word Viewer 0 Microsoft Office Web Apps Server 2010 Service Pack 2 Microsoft Office Online Server 0 Microsoft Office 365 ProPlus for 64-bit Systems 0 Microsoft Office 365 ProPlus for 32-bit Systems 0 Microsoft Office 2019 for Mac 0 Microsoft Office 2019 for 64-bit editions 0 Microsoft Office 2019 for 32-bit editions 0 Microsoft Office 2016 for Mac 0 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office 2010 (32-bit edition) SP2 |
| Not Vulnerable: | |
Discussion
Microsoft Word CVE-2019-0585 Remote Code Execution Vulnerability
Microsoft Word is prone to a remote code-execution vulnerability.
An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions.
Microsoft Word is prone to a remote code-execution vulnerability.
An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions.
Exploit / POC
Microsoft Word CVE-2019-0585 Remote Code Execution Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Microsoft Word CVE-2019-0585 Remote Code Execution Vulnerability
References:
References:
- Microsoft Homepage (Microsoft)
- Microsoft Word Homepage (Microsoft )
- CVE-2019-0585 | Microsoft Word Remote Code Execution Vulnerability (Microsoft)