9.3
CVSSv2

CVE-2019-0888

Published: 12/06/2019 Updated: 12/06/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the ActiveX Data Objects (ADO) component of Microsoft Windows could allow an unauthenticated, remote malicious user to execute arbitrary code on a targeted system. The vulnerability is due to improper memory operations that are performed by the affected software. An attacker could exploit the vulnerability by persuading a user to access a link that submits malicious input to the system. A successful exploit could allow the malicious user to execute arbitrary code with the privileges of the user. Microsoft confirmed the vulnerability and released software updates.

Vulnerability Trend

Github Repositories

CVE-2019-0888 PoC for CVE-2019-0888 - Use-After-Free in Windows ActiveX Data Objects (ADO) Write-up: newssophoscom/en-us/2019/07/09/cve-2019-0888-use-after-free-in-windows-activex-data-objects-ado/

awesome-windows-kernel-security-development pe file format githubcom/corkami/pics meltdown/spectre poc githubcom/turbo/KPTI-PoC-Collection githubcom/gkaindl/meltdown-poc githubcom/feruxmax/meltdown githubcom/Eugnis/spectre-attack lightweight c++ gui library githubcom/zlgopen/awtk githubcom/idea4good/GuiLite htt

Recent Articles

Microsoft Patch Tuesday – June 2019
Symantec Threat Intelligence Blog • Himanshu Mehta • 12 Jun 2019

This month the vendor has patched 88 vulnerabilities, 20 of which are rated Critical.

Posted: 12 Jun, 201931 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – June 2019This month the vendor has patched 88 vulnerabilities, 20 of which are rated Critical.As always, customers are advised to follow these security best practices:


Install vendor patches as soon as they are available.
Run all software with the least privileges required while still mainta...