CVSS: 9.3EPSS: 2%CPEs: 19EXPL: 0CVE-2019-0885 – Microsoft Windows ole32 BMP Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0885
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. Existe una vulnerabilidad de ejecución remota de código cuando Microsoft Windows OLE no puede validar correctamente la entrada del usuario, también conocida como "Vulnerabilidad de ejecución remota de código en OLE de Windows". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files in ole32.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0885 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 19EXPL: 0CVE-2019-0891 – Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0891
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. Existe una vulnerabilidad de ejecución remota de código cuando el motor de base de datos Windows Jet maneja incorrectamente los objetos en la memoria, también conocido como 'vulnerabilidad de ejecución remota de código en el motor de base de datos Jet'. Este ID de CVE es único de CVE-2019-0889, CVE-2019-0890, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE- 2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0891 •
CVSS: 9.3EPSS: 1%CPEs: 19EXPL: 0CVE-2019-0897 – Microsoft Windows Jet Database Engine Sign Extension Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0897
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. Existe una vulnerabilidad de ejecución de código remota cuando el Windows Jet Database Engine, maneja de manera inapropiada los objetos en la memoria, también se conoce como "Jet Database Engine Remote Code Execution Vulnerability". Este ID de CVE es diferente de CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE- 2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0897 •
CVSS: 9.3EPSS: 4%CPEs: 19EXPL: 0CVE-2019-0903 – Microsoft GDI Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0903
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. Existe una vulnerabilidad de ejecución de código remoto en la manera en que Windows Graphics Device Interface (GDI) maneja los objetos en la memoria, también se conoce como "GDI+ Remote Code Execution Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fontsub.dll. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0903 •
CVSS: 6.5EPSS: 15%CPEs: 19EXPL: 0CVE-2019-0758 – Microsoft Windows Font Subsetting Library Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-0758
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0882, CVE-2019-0961. Se presenta una vulnerabilidad de divulgación de información cuando el componente de Windows GDI divulga de manera inapropiada el contenido de su memoria, también se conoce como 'Windows GDI Information Disclosure Vulnerability'. Este ID de CVE es diferente de CVE-2019-0882, CVE-2019-0961. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0758 •