Microsoft Windows IOleCvt Interface CVE-2019-0845 Remote Code Execution Vulnerability

description-logoDescription

A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked safe for initialization in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The update addresses the vulnerability by correcting methods exposed when the IOleCvt interface is invoked.

affected-products-logoAffected Applications

Windows RT 8.1
Windows Server version 1709 (Server Core Installation)
Windows Server 2016
Windows Server version 1803 (Server Core Installation)
Windows Server 2012
Windows 8
Windows Server 2008
Windows 10
Windows 7
Windows Server 2019

CVE References

CVE-2019-0845