Published: 05/03/2019 Updated: 13/12/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

Vulnerability Trend

Affected Products

Github Repositories

CVE-2019-0604 cve-2019-0604 SharePoint RCE exploit usage: wwwcnblogscom/k8gege/p/11093992html

CVE-2019-0604 CVE-2019-0604 From wwwthezdicom/blog/2019/3/13/cve-2019-0604-details-of-a-microsoft-sharepoint-rce-vulnerability

CVE-2019-0604 CVE-2019-0604 From wwwthezdicom/blog/2019/3/13/cve-2019-0604-details-of-a-microsoft-sharepoint-rce-vulnerability

A proof-of-concept tool for generating payloads that exploit unsafe NET object deserialization Description ysoserialnet is a collection of utilities and property-oriented programming "gadget chains" discovered in common NET libraries that can, under the right conditions, exploit NET applications performing unsafe deserialization of objects The main driver progra

ysoserial.net for Windows execute file

Recent Articles

Microsoft Patch Tuesday – February 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 13 Feb 2020

This month the vendor has patched 74 vulnerabilities, 20 of which are rated Critical.

Posted: 13 Feb, 201922 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – February 2019This month the vendor has patched 74 vulnerabilities, 20 of which are rated Critical.As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaini...

FBI Warns of DDoS Attack on State Voter Registration Site
BleepingComputer • Sergiu Gatlan • 04 Feb 2020

The US Federal Bureau of Investigation (FBI) warned of a potential Distributed Denial of Service (DDoS) attack that targeted a state-level voter registration and information site in a Private Industry Notification (PIN) released today.
"The FBI received reporting indicating a state-level voter registration and voter information website received anomalous Domain Name System (DNS) server requests consistent with a Pseudo Random Subdomain (PRSD) attack," according to the FBI PIN seen by B...

U.N. Hack Stemmed From Microsoft SharePoint Flaw
Threatpost • Lindsey O'Donnell • 30 Jan 2020

Hackers breached the United Nations network in July by exploiting a Microsoft SharePoint vulnerability, according to reports. The breach, which appears to be an espionage operation, reportedly gave the hackers access to an estimated 400 GB of sensitive data.
The breach was swept under the rug by the U.N. until this week, when an internal document outlining the hack was leaked by The New Humanitarian, a global news agency focusing on human rights stories. According to the confidential docum...

UN didn't patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it
The Register • Kieren McCarthy in San Francisco • 29 Jan 2020

For an organization accused of being 'all talk, no action', there's not even enough talking – to its own employees

The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants' fingertips. Incredibly, the organization decided to cover it up without informing those affected nor the public.
That is the extraordinary claim of The New Humanitarian, which until a few years ago was an official UN publication covering humanitarian crises. Today, it said the UN has confirmed both the hack and the decision not to divulge any details.<...

FBI Releases Alert on Iranian Hackers' Defacement Techniques
BleepingComputer • Sergiu Gatlan • 27 Jan 2020

The FBI Cyber Division issued a flash security alert earlier this month with additional indicators of compromise from recent defacement attacks operated by Iranian threat actors and info on attackers' TTPs to help administrators and users to protect their websites.
The Cybersecurity and Information Security Agency (CISA) also published a reminder on the same day to provide cybersecurity best practices on safeguarding websites from cyberattacks that could lead to defacement or data breaches...

APT trends report Q2 2019
Securelist • GReAT • 01 Aug 2019

For two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They aim to highlight the significant events and findings that we feel people should be aware of.
This is our latest installment, focusing on activiti...

FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug
Threatpost • Tara Seals • 10 May 2019

A recently patched, high-severity vulnerability in Microsoft SharePoint (CVE-2019-0604) that allows remote code-execution is being increasingly exploited in the wild, according to researchers – possibly by the FIN7 group, among others.
According to the Microsoft’s advisory, the vulnerability (which carries a 7.8 CVSS v.3.0 score) exists because the software fails to check the source markup of an application package – Microsoft issued a patch in March.
The Canadian Cyber Securit...

It's now 2019, and your Windows DHCP server can be pwned by a packet, IE and Edge by a webpage, and so on
The Register • Shaun Nichols in San Francisco • 13 Feb 2019

Hefty load from Microsoft, Adobe, with special guest star Cisco

Patch Tuesday Microsoft and Adobe have teamed up to give users and sysadmins plenty of work to do this week.
The February edition of Patch Tuesday includes more than 70 CVE-listed vulnerabilities from each vendor – yes, each – as well as a critical security fix from Cisco. You should patch them as soon as it is possible.
For Redmond, the February dump covers 77 CVE-listed bugs across Windows, Office, and Edge/IE.
Among the most potentially serious was CVE-2019-0626, a remot...