CVE-2019-0888
HIGHMicrosoft Windows ADO - ActiveX Data Objects Remote Code Execution
Title source: manualExploitation Summary
EIP tracks 1 public exploit for CVE-2019-0888. PoCs published by sophoslabs.
AI-analyzed exploit summary This repository provides a link to a technical writeup by Sophos Labs detailing CVE-2019-0888, a use-after-free vulnerability in Windows ActiveX Data Objects (ADO). The writeup likely includes root cause analysis and technical details, but no functional exploit code is present in the repository itself.
Description
A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.
Exploits (1)
This repository provides a link to a technical writeup by Sophos Labs detailing CVE-2019-0888, a use-after-free vulnerability in Windows ActiveX Data Objects (ADO). The writeup likely includes root cause analysis and technical details, but no functional exploit code is present in the repository itself.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H