Microsoft Windows ActiveX Arbitrary Code Execution Vulnerability

By GIXnews


A vulnerability in the ActiveX Data Objects (ADO) component of Microsoft Windows could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability exists because the affected software performs improper memory operations. An attacker could exploit the vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code and compromise the host system completely.

Microsoft confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2019-0784

Source:: Cisco Multivendor Vulnerability Alerts