CVE-2019-0790
Description
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka MS XML Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795.
Risk Information
Base Score
7.7
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
28.171
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1809 for x64-based Systems (KB4493509) - Cumulative | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1809 for x86-based Systems (KB4493509) - Cumulative | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows Server 2019 for x64-based Systems (KB4493509) - Cumulative | Windows |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability for Windows Server 2016 (1709) for x64-based Systems (KB4493441) - Delta | Windows |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability for Windows 10 Version 1709 for x64-based Systems (KB4493441) - Cumulative | Windows |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability for Windows Server 2016 (1709) for x64-based Systems (KB4493441) - Cumulative | Windows |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability for Windows 10 Version 1709 for x86-based Systems (KB4493441) - Delta | Windows |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability for Windows 10 Version 1709 for x64-based Systems (KB4493441) - Delta | Windows |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability for Windows 10 Version 1709 for x86-based Systems (KB4493441) - Cumulative | Windows |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability for Windows Server 2016 (1803) for x64-based Systems (KB4493464) - Delta | Windows |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability for Windows 10 Version 1803 for x64-based Systems (KB4493464) - Delta | Windows |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability for Windows 10 Version 1803 for x64-based Systems (KB4493464) - Cumulative | Windows |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability for Windows Server 2016 (1803) for x64-based Systems (KB4493464) - Cumulative | Windows |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability for Windows 10 Version 1803 for x86-based Systems (KB4493464) - Cumulative | Windows |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability for Windows 10 Version 1803 for x86-based Systems (KB4493464) - Delta | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4493474) - Cumulative | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4493474) - Cumulative | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4493474) - Delta | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4493474) - Delta | Windows |
| Win32k Elevation of Privilege Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4493446) | Windows |
| Win32k Elevation of Privilege Vulnerability for Windows 8.1 for x64-based Systems (KB4493446) | Windows |
| Win32k Elevation of Privilege Vulnerability for Windows 8.1 for x86-based Systems (KB4493446) | Windows |
| Win32k Elevation of Privilege Vulnerability for Windows 8.1 for x86-based Systems (KB4493467) | Windows |
| Win32k Elevation of Privilege Vulnerability for Windows 8.1 for x64-based Systems (KB4493467) | Windows |
| Win32k Elevation of Privilege Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4493467) | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4493470) - Delta | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4493470) - Cumulative | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4493470) - Delta | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows Server 2016 for x64-based Systems (KB4493470) - Cumulative | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4493470) - Cumulative | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows Server 2016 for x64-based Systems (KB4493470) - Delta | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1507 for x64-based Systems (KB4493475) - Cumulative | Windows |
| Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1507 for x86-based Systems (KB4493475) - Cumulative | Windows |
| Win32k Elevation of Privilege Vulnerability for Windows Server 2012 for x64-based Systems (KB4493451) | Windows |
| Win32k Elevation of Privilege Vulnerability for Windows Server 2012 for x64-based Systems (KB4493450) | Windows |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4493474) | Windows |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4493474) | Windows |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4493474) | Windows |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4493474) | Windows |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4493474) | Windows |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4493474) | Windows |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4493474) | Windows |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4493474) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-26482 | 2019-04 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4493509) |
| PATCH-26483 | 2019-04 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB4493509) |
| PATCH-26484 | 2019-04 Cumulative Update for Windows Server 2019 for x64-based Systems (KB4493509) |
| PATCH-26470 | 2019-04 Delta Update for Windows Server 2016 (1709) for x64-based Systems (KB4493441) |
| PATCH-26471 | 2019-04 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4493441) |
| PATCH-26472 | 2019-04 Cumulative Update for Windows Server 2016 (1709) for x64-based Systems (KB4493441) |
| PATCH-26473 | 2019-04 Delta Update for Windows 10 Version 1709 for x86-based Systems (KB4493441) |
| PATCH-26474 | 2019-04 Delta Update for Windows 10 Version 1709 for x64-based Systems (KB4493441) |
| PATCH-26475 | 2019-04 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4493441) |
| PATCH-26476 | 2019-04 Delta Update for Windows Server 2016 (1803) for x64-based Systems (KB4493464) |
| PATCH-26477 | 2019-04 Delta Update for Windows 10 Version 1803 for x64-based Systems (KB4493464) |
| PATCH-26478 | 2019-04 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4493464) |
| PATCH-26479 | 2019-04 Cumulative Update for Windows Server 2016 (1803) for x64-based Systems (KB4493464) |
| PATCH-26480 | 2019-04 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4493464) |
| PATCH-26481 | 2019-04 Delta Update for Windows 10 Version 1803 for x86-based Systems (KB4493464) |
| PATCH-26490 | 2019-04 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4493446) |
| PATCH-26491 | 2019-04 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4493446) |
| PATCH-26492 | 2019-04 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems (KB4493446) |
| PATCH-26422 | 2019-04 Security Only Quality Update for Windows 8.1 for x86-based Systems (KB4493467) |
| PATCH-26423 | 2019-04 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4493467) |
| PATCH-26424 | 2019-04 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4493467) |
| PATCH-26458 | 2019-04 Delta Update for Windows 10 Version 1607 for x86-based Systems (KB4493470) |
| PATCH-26459 | 2019-04 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4493470) |
| PATCH-26460 | 2019-04 Delta Update for Windows 10 Version 1607 for x64-based Systems (KB4493470) |
| PATCH-26461 | 2019-04 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4493470) |
| PATCH-26462 | 2019-04 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4493470) |
| PATCH-26463 | 2019-04 Delta Update for Windows Server 2016 for x64-based Systems (KB4493470) |
| PATCH-26464 | 2019-04 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB4493475) |
| PATCH-26465 | 2019-04 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB4493475) |
| PATCH-26493 | 2019-04 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4493451) |
| PATCH-26425 | 2019-04 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB4493450) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234