DATABASE RESOURCES PRICING ABOUT US

{"id": "MS:CVE-2019-1199", "bulletinFamily": "microsoft", "title": "Microsoft Outlook Memory Corruption Vulnerability", "description": "A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\n\nNote that where severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector.\n\nThe security update addresses the vulnerability by correcting how Outlook handles objects in memory.\n", "published": "2019-08-13T07:00:00", "modified": "2019-08-13T07:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1199", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2019-1199"], "immutableFields": [], "type": "mscve", "lastseen": "2022-10-03T16:29:41", "edition": 1, "viewCount": 5, "enchantments": {"backreferences": {"references": [{"idList": ["CPAI-2019-1003"], "type": "checkpoint_advisories"}, {"idList": ["CISA:574A6E25827684C587359C37EF1D5132"], "type": "cisa"}, {"idList": ["KLA11536"], "type": "kaspersky"}, {"idList": ["TALOSBLOG:F543D5FEAB2BB1C90B9699F8AE8757F4"], "type": "talosblog"}, {"idList": ["SMNTC-109544"], "type": "symantec"}, {"idList": ["OPENVAS:1361412562310815196"], "type": "openvas"}, {"idList": ["CVE-2019-1199"], "type": "cve"}, {"idList": ["THREATPOST:2C2827FBF9D900F4194802CE8C471B4C"], "type": "threatpost"}, {"idList": ["SMB_NT_MS19_AUG_OFFICE.NASL"], "type": "nessus"}]}, "dependencies": {"references": [{"idList": ["CPAI-2019-1003"], "type": "checkpoint_advisories"}, {"idList": ["SMB_NT_MS19_AUG_OFFICE.NASL", "SMB_NT_MS19_AUG_OFFICE_C2R.NASL"], "type": "nessus"}, {"idList": ["KLA11536"], "type": "kaspersky"}, {"idList": ["TALOSBLOG:F543D5FEAB2BB1C90B9699F8AE8757F4"], "type": "talosblog"}, {"idList": ["SMNTC-109544"], "type": "symantec"}, {"idList": ["OPENVAS:1361412562310815196"], "type": "openvas"}, {"idList": ["CVE-2019-1199"], "type": "cve"}]}, "exploitation": null, "score": {"value": 2.7, "vector": "NONE"}, "vulnersScore": 2.7}, "_state": {"dependencies": 1664814947, "score": 1664815070}, "_internal": {"score_hash": "db8b0505abd9e0c3a8259469b5579070"}, "kbList": [], "msrc": "", "mscve": "CVE-2019-1199", "msAffectedSoftware": [], "vendorCvss": {"baseScore": "", "temporalScore": "", "vectorString": ""}}

{"checkpoint_advisories": [{"lastseen": "2021-12-17T11:20:11", "description": "A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-13T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Outlook Memory Corruption (CVE-2019-1199)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1199"], "modified": "2019-08-13T00:00:00", "id": "CPAI-2019-1003", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2021-06-08T19:04:43", "bulletinFamily": "software", "cvelist": ["CVE-2019-1199"], "description": "### Description\n\nMicrosoft Outlook is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Office 2019 for 32-bit editions \n * Microsoft Office 2019 for 64-bit editions \n * Microsoft Office 365 ProPlus for 32-bit Systems \n * Microsoft Office 365 ProPlus for 64-bit Systems \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "modified": "2019-08-13T00:00:00", "id": "SMNTC-109544", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/109544", "published": "2019-08-13T00:00:00", "type": "symantec", "title": "Microsoft Outlook CVE-2019-1199 Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T19:37:17", "description": "A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Memory Corruption Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-08-14T21:15:00", "type": "cve", "title": "CVE-2019-1199", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1199"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:office_365_proplus:-", "cpe:/a:microsoft:office:2019"], "id": "CVE-2019-1199", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1199", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-06-05T16:27:25", "description": "This host is missing an important security\n update according to Microsoft Office Click-to-Run updates.", "cvss3": {}, "published": "2019-08-14T00:00:00", "type": "openvas", "title": "Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities-Aug19", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1200", "CVE-2019-1199", "CVE-2019-1201", "CVE-2019-1204", "CVE-2019-1155", "CVE-2019-1205"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310815196", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815196", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815196\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-1199\", \"CVE-2019-1204\", \"CVE-2019-1200\", \"CVE-2019-1205\",\n \"CVE-2019-1201\", \"CVE-2019-1155\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 11:52:30 +0530 (Wed, 14 Aug 2019)\");\n script_name(\"Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities-Aug19\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Office Click-to-Run updates.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple errors in Microsoft Outlook when the software fails to properly handle\n objects in memory.\n\n - An error when Microsoft Outlook initiates processing of incoming messages\n without sufficient validation of the formatting of the messages.\n\n - Multiple errors in Microsoft Word software when it fails to properly handle objects\n in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to arbitrary code in the context of the current user, force Outlook to load a\n local or remote message store and perform actions in the security context of the\n current user\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 365 (2016 Click-to-Run).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_office_click2run_detect_win.nasl\");\n script_mandatory_keys(\"MS/Off/C2R/Ver\", \"MS/Office/C2R/UpdateChannel\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nofficeVer = get_kb_item(\"MS/Off/C2R/Ver\");\nif(!officeVer || officeVer !~ \"^16\\.\"){\n exit(0);\n}\n\nUpdateChannel = get_kb_item(\"MS/Office/C2R/UpdateChannel\");\nofficePath = get_kb_item(\"MS/Off/C2R/InstallPath\");\n\n## 1907 (Build 11901.20218)\nif(UpdateChannel == \"Monthly Channel\")\n{\n if(version_is_less(version:officeVer, test_version:\"16.0.11901.20218\")){\n fix = \"1907 (Build 11901.20218)\";\n }\n}\n\n## 1902 (Build 11328.20392)\nelse if(UpdateChannel == \"Semi-Annual Channel (Targeted)\")\n{\n if(version_is_less(version:officeVer, test_version:\"16.0.11328.20392\")){\n fix = \"1902 (Build 11328.20392)\";\n }\n}\n\n## 1902 (Build 11328.20392)\n## 1808 (Build 10730.20370)\n## 1803 (Build 9126.2432)\nelse if(UpdateChannel == \"Semi-Annual Channel\")\n{\n if(version_is_less(version:officeVer, test_version:\"16.0.9126.2432\")){\n fix = \"1803 (Build 9126.2432)\";\n }\n\n else if(version_in_range(version:officeVer, test_version:\"16.0.10730\", test_version2:\"16.0.10730.20369\")){\n fix = \"1808 (Build 10730.20370)\";\n }\n else if(version_in_range(version:officeVer, test_version:\"16.0.11328\", test_version2:\"16.0.11328.20391\")){\n fix = \"1902 (Build 11328.20392)\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:officeVer, fixed_version:fix, install_path:officePath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-20T02:49:33", "description": "The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2019-1200)\n\n - A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1199)\n\n - An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB).\n (CVE-2019-1204)\n\n - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2019-1201, CVE-2019-1205)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1155)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-10T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products C2R (August 2019)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1155", "CVE-2019-1199", "CVE-2019-1200", "CVE-2019-1201", "CVE-2019-1204", "CVE-2019-1205"], "modified": "2022-06-10T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "SMB_NT_MS19_AUG_OFFICE_C2R.NASL", "href": "https://www.tenable.com/plugins/nessus/162075", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162075);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/10\");\n script_cve_id(\n \"CVE-2019-1155\",\n \"CVE-2019-1199\",\n \"CVE-2019-1200\",\n \"CVE-2019-1201\",\n \"CVE-2019-1204\",\n \"CVE-2019-1205\"\n );\n\n script_name(english:\"Security Updates for Microsoft Office Products C2R (August 2019)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A Microsoft Office product is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Outlook software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. (CVE-2019-1200)\n\n - A remote code execution vulnerability exists in\n Microsoft Outlook when the software fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could run arbitrary code in\n the context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1199)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Outlook initiates processing of incoming\n messages without sufficient validation of the formatting\n of the messages. An attacker who successfully exploited\n the vulnerability could attempt to force Outlook to load\n a local or remote message store (over SMB).\n (CVE-2019-1204)\n\n - A remote code execution vulnerability exists in\n Microsoft Word software when it fails to properly handle\n objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. (CVE-2019-1201,\n CVE-2019-1205)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1155)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd4508ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"For Office 365, Office 2016 C2R, or Office 2019, ensure automatic\nupdates are enabled or open any office app and manually perform an\nupdate.\");\n\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('vcf_extras_office.inc');\n\nvar bulletin = 'MS19-08';\n\nvar app_info = vcf::microsoft::office::get_app_info(app:'Microsoft Office');\n\nvar constraints = [\n \n {'product':'Microsoft Office 2016','file':'mso.dll','fixed_version':'16.0.9126.2432','channel': 'Deferred'},\n {'product':'Microsoft Office 2016','file':'mso.dll','fixed_version':'16.0.10730.20370','channel': 'Deferred','channel_version': '1808'},\n {'product':'Microsoft Office 2016','file':'mso.dll','fixed_version':'16.0.11328.20392','channel': 'First Release for Deferred'},\n {'product':'Microsoft Office 2016','file':'csi.dll','fixed_version':'16.0.11901.20218','channel': 'Current'},\n {'product':'Microsoft Office 2019','file':'csi.dll','fixed_version':'16.0.11901.20218','channel': '2019 Retail'},\n {'product':'Microsoft Office 2019','file':'mso.dll','fixed_version':'16.0.10349.20017','channel': '2019 Volume'}\n];\n\nvcf::microsoft::office::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n bulletin:bulletin,\n subproduct:\"Office\"\n);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-19T15:03:12", "description": "The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2019-1200)\n\n - A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1199)\n\n - An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB).\n (CVE-2019-1204)\n\n - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2019-1201, CVE-2019-1205)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1155)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-08-13T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products (August 2019)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1155", "CVE-2019-1199", "CVE-2019-1200", "CVE-2019-1201", "CVE-2019-1204", "CVE-2019-1205"], "modified": "2022-06-10T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "SMB_NT_MS19_AUG_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/127853", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127853);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/10\");\n\n script_cve_id(\n \"CVE-2019-1155\",\n \"CVE-2019-1199\",\n \"CVE-2019-1200\",\n \"CVE-2019-1201\",\n \"CVE-2019-1204\",\n \"CVE-2019-1205\"\n );\n script_xref(name:\"MSKB\", value:\"4475531\");\n script_xref(name:\"MSKB\", value:\"4475538\");\n script_xref(name:\"MSKB\", value:\"4475506\");\n script_xref(name:\"MSKB\", value:\"4464599\");\n script_xref(name:\"MSFT\", value:\"MS19-4475531\");\n script_xref(name:\"MSFT\", value:\"MS19-4475538\");\n script_xref(name:\"MSFT\", value:\"MS19-4475506\");\n script_xref(name:\"MSFT\", value:\"MS19-4464599\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (August 2019)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A Microsoft Office product is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Outlook software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. (CVE-2019-1200)\n\n - A remote code execution vulnerability exists in\n Microsoft Outlook when the software fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could run arbitrary code in\n the context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1199)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Outlook initiates processing of incoming\n messages without sufficient validation of the formatting\n of the messages. An attacker who successfully exploited\n the vulnerability could attempt to force Outlook to load\n a local or remote message store (over SMB).\n (CVE-2019-1204)\n\n - A remote code execution vulnerability exists in\n Microsoft Word software when it fails to properly handle\n objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. (CVE-2019-1201,\n CVE-2019-1205)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1155)\");\n # https://support.microsoft.com/en-us/help/4475531/security-update-for-office-2010-august-13-2019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c3b2b0c0\");\n # https://support.microsoft.com/en-us/help/4475538/security-update-for-office-2016-august-13-2019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?93b385ab\");\n # https://support.microsoft.com/en-us/help/4475506/security-update-for-office-2010-august-13-2019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bb5398a0\");\n # https://support.microsoft.com/en-us/help/4464599/security-update-for-office-2013-august-13-2019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81e1abaf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n -KB4475531\n -KB4475538\n -KB4475506\n -KB4464599\nFor Office 365, Office 2016 C2R, or Office 2019, ensure\nautomatic updates are enabled or open any office app and\nmanually perform an update.\");\n\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('misc_func.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS19-08\";\nkbs = make_list(\n 4464599,\n 4475538,\n 4475531,\n 4475506\n);\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nvuln = FALSE;\nport = kb_smb_transport();\n\noffice_vers = hotfix_check_office_version();\n\n# Office 2010 SP2\nif (office_vers['14.0'])\n{\n office_sp = get_kb_item('SMB/Office/2010/SP');\n if (!isnull(office_sp) && office_sp == 2)\n {\n prod = 'Microsoft Office 2010 SP2';\n\n path = hotfix_get_officeprogramfilesdir(officever:'14.0');\n path = hotfix_append_path(path:path, value:'Microsoft Office\\\\Office14');\n kb = \"4475531\";\n file = \"wwlibcxm.dll\";\n version = \"14.0.7236.5000\";\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_get_officecommonfilesdir(officever:'14.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office14');\n kb = \"4475506\";\n file = \"aceexcl.dll\";\n version = \"14.0.7236.5000\";\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n# Office 2013 SP1\nif (office_vers['15.0'])\n{\n office_sp = get_kb_item('SMB/Office/2013/SP');\n if (!isnull(office_sp) && office_sp == 1)\n {\n prod = 'Microsoft Office 2013 SP1';\n\n path = hotfix_get_officecommonfilesdir(officever:'15.0');\n path = hotfix_append_path(path:path, value:'Microsoft Shared\\\\Office15');\n kb = '4464599';\n file = \"aceexcl.dll\";\n version = \"15.0.5163.1000\";\n if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER )\n vuln = TRUE;\n }\n}\n\n# Office 2016\nif (office_vers[\"16.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2016/SP\");\n if (!isnull(office_sp) && office_sp == 0)\n {\n prod = \"Microsoft Office 2016\";\n prod2019 = \"Microsoft Office 2019\";\n \n path = hotfix_get_officecommonfilesdir(officever:\"16.0\");\n aceexcl_path = hotfix_append_path(path:path, value:\"Microsoft Shared\\Office16\");\n\n path = hotfix_get_officecommonfilesdir(officever:\"16.0\");\n mso_dll_path = hotfix_append_path(path:path, value:\"Microsoft Shared\\Office16\");\n\n c2r_path = mso_dll_path;\n\n # MSI aceexcl.dll\n if (hotfix_check_fversion(file:\"aceexcl.dll\", version:\"16.0.4888.1000\", channel:\"MSI\", channel_product:\"Office\", path:aceexcl_path, kb:'4475538', bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:08:22", "description": "### *Detect date*:\n08/13/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, gain privileges, obtain sensitive information.\n\n### *Affected products*:\nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft SharePoint Enterprise Server 2013 Service Pack 1 \nMicrosoft SharePoint Server 2019 \nOutlook for iOS \nMicrosoft Office 2019 for 64-bit editions \nMicrosoft Office 2019 for Mac \nMicrosoft Office Online Server \nOffice 365 ProPlus for 32-bit Systems \nMicrosoft Office 2019 for 32-bit editions \nMicrosoft Office 2016 for Mac \nOffice 365 ProPlus for 64-bit Systems \nMicrosoft Outlook 2016 (64-bit edition) \nMicrosoft Outlook 2013 Service Pack 1 (32-bit editions) \nMicrosoft Outlook 2016 (32-bit edition) \nMicrosoft Outlook 2010 Service Pack 2 (64-bit editions) \nMicrosoft Outlook 2013 RT Service Pack 1 \nMicrosoft Outlook 2013 Service Pack 1 (64-bit editions) \nMicrosoft Outlook 2010 Service Pack 2 (32-bit editions) \nMicrosoft SharePoint Foundation 2010 Service Pack 2 \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nWindows Server 2012 \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1803 for ARM64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2016 \nWindows 8.1 for x64-based systems \nWindows 10 Version 1709 for 64-based Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2012 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2019 \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2016 (64-bit edition) \nMicrosoft Office 2013 RT Service Pack 1 \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nMicrosoft Office 2016 (32-bit edition) \nMicrosoft Office Web Apps 2010 Service Pack 2 \nMicrosoft Office Web Apps Server 2013 Service Pack 1 \nMicrosoft Word 2010 Service Pack 2 (32-bit editions) \nMicrosoft Word 2013 Service Pack 1 (32-bit editions) \nMicrosoft Word 2013 Service Pack 1 (64-bit editions) \nMicrosoft Word 2016 (32-bit edition) \nMicrosoft Word 2016 (64-bit edition) \nMicrosoft SharePoint Server 2010 Service Pack 2 \nMicrosoft Word 2013 RT Service Pack 1 \nMicrosoft Word 2010 Service Pack 2 (64-bit editions)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1203](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1203>) \n[CVE-2019-1218](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1218>) \n[CVE-2019-1205](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1205>) \n[CVE-2019-1204](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1204>) \n[CVE-2019-1199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1199>) \n[CVE-2019-1200](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1200>) \n[CVE-2019-1202](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202>) \n[CVE-2019-1153](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1153>) \n[CVE-2019-1155](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1155>) \n[CVE-2019-1201](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201>) \n[CVE-2019-1149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1149>) \n[CVE-2019-1148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1148>) \n[CVE-2019-1151](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1151>) \n[ADV190014](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190014>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2019-1153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1153>)2.1Warning \n[CVE-2019-1151](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1151>)9.3Critical \n[CVE-2019-1148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1148>)2.1Warning \n[CVE-2019-1155](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1155>)9.3Critical \n[CVE-2019-1149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1149>)9.3Critical \n[CVE-2019-1203](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1203>)3.5Warning \n[CVE-2019-1218](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1218>)3.5Warning \n[CVE-2019-1205](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1205>)9.3Critical \n[CVE-2019-1204](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1204>)4.3Warning \n[CVE-2019-1199](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1199>)9.3Critical \n[CVE-2019-1200](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1200>)9.3Critical \n[CVE-2019-1202](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1202>)3.6Warning \n[CVE-2019-1201](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1201>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4475506](<http://support.microsoft.com/kb/4475506>) \n[4475538](<http://support.microsoft.com/kb/4475538>) \n[4464599](<http://support.microsoft.com/kb/4464599>) \n[4475555](<http://support.microsoft.com/kb/4475555>) \n[4475549](<http://support.microsoft.com/kb/4475549>) \n[4475557](<http://support.microsoft.com/kb/4475557>) \n[4475528](<http://support.microsoft.com/kb/4475528>) \n[4475563](<http://support.microsoft.com/kb/4475563>) \n[4475573](<http://support.microsoft.com/kb/4475573>) \n[4475553](<http://support.microsoft.com/kb/4475553>) \n[4475565](<http://support.microsoft.com/kb/4475565>) \n[4475575](<http://support.microsoft.com/kb/4475575>) \n[4475530](<http://support.microsoft.com/kb/4475530>) \n[4475540](<http://support.microsoft.com/kb/4475540>) \n[4475547](<http://support.microsoft.com/kb/4475547>) \n[4462137](<http://support.microsoft.com/kb/4462137>) \n[4475531](<http://support.microsoft.com/kb/4475531>) \n[4462216](<http://support.microsoft.com/kb/4462216>) \n[4475534](<http://support.microsoft.com/kb/4475534>) \n[4475533](<http://support.microsoft.com/kb/4475533>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-13T00:00:00", "type": "kaspersky", "title": "KLA11536 Multiple vulnerabilities in Microsoft Office", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1148", "CVE-2019-1149", "CVE-2019-1151", "CVE-2019-1153", "CVE-2019-1155", "CVE-2019-1199", "CVE-2019-1200", "CVE-2019-1201", "CVE-2019-1202", "CVE-2019-1203", "CVE-2019-1204", "CVE-2019-1205", "CVE-2019-1218"], "modified": "2020-06-03T00:00:00", "id": "KLA11536", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11536/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2019-08-20T14:20:20", "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated \u201ccritical,\" 65 that are considered \"important\" and one \"moderate.\" \n \nThis month\u2019s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine. For more on our coverage of these bugs, check out our Snort advisories [here](<https://snort.org/advisories>), covering all of the new rules we have for this release. \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 31 critical vulnerabilities this month, three of which we will highlight below. \n \n[CVE-2019-1181](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181>) and [CVE-2019-1182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182>) are both remote code execution vulnerabilities in Remote Desktop Protocol. The vulnerabilities arise when an attacker connects to the target system using RDP and sends certain specially crafted requests. These bugs require no user interaction and do not require any authentication on the part of the attacker. An attacker could gain the ability to execute arbitrary code by exploiting these vulnerabilities. RDP has gained notoriety recently for being a part of the infamous BlueKeep vulnerability, a wormable bug in Microsoft that has yet to be exploited in the wild. \n \n[CVE-2019-1200](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1200>) is a remote code execution vulnerability in Microsoft Outlook that occurs when the software fails to properly handle objects in memory. An attacker could use a specially crafted file to exploit this bug and be able to perform actions at the same security level as the current user. A user can exploit this vulnerability by tricking the user into opening a specially crafted file with a vulnerable version of Microsoft Outlook. However, this attack vector only works if the user opens the email itself \u2014 it does not work in preview mode. \n \nThe other critical vulnerabilities are: \n \n\n\n * [CVE-2019-0719](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0719>)\n * [CVE-2019-0720](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0720>)\n * [CVE-2019-0736](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0736>)\n * [CVE-2019-0965](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0965>)\n * [CVE-2019-1131](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1131>)\n * [CVE-2019-1133](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1133>)\n * [CVE-2019-1139](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1139>)\n * [CVE-2019-1140](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1140>)\n * [CVE-2019-1141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1141>)\n * [CVE-2019-1144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1144>)\n * [CVE-2019-1145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1145>)\n * [CVE-2019-1149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1149>)\n * [CVE-2019-1150](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1150>)\n * [CVE-2019-1151](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1151>)\n * [CVE-2019-1152](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1152>)\n * [CVE-2019-1181](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181>)\n * [CVE-2019-1182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182>)\n * [CVE-2019-1183](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1183>)\n * [CVE-2019-1188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1188>)\n * [CVE-2019-1194](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1194>)\n * [CVE-2019-1195](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1195>)\n * [CVE-2019-1196](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1196>)\n * [CVE-2019-1197](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1197>)\n * [CVE-2019-1199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1199>)\n * [CVE-2019-1200](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1200>)\n * [CVE-2019-1201](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201>)\n * [CVE-2019-1204](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1204>)\n * [CVE-2019-1205](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1205>)\n * [CVE-2019-1213](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1213>)\n * [CVE-2019-1222](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222>)\n * [CVE-2019-1226](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226>)\n\n### Important vulnerabilities\n\nThis release also contains 65 important vulnerabilities, one of which we will highlight below. \n \n[CVE-2019-9506](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9506>) is a vulnerability in Bluetooth that could allow an attacker to change the size of a device's encryption key. While it is not directly a Microsoft vulnerability, the company has released a fix for it. An attacker could use a special device to change the encryption key size of a Bluetooth-enabled device to become as small as one. This method only works if the attacker is within an appropriate range fo the targeted device. Microsoft released a software update that enforces a 7-octet minimum key length by default to ensure that a smaller encryption key does not allow an attacker to bypass encryption. \n \nThe other important vulnerabilities are: \n\n\n * [CVE-2019-0712](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0712>)\n * [CVE-2019-0714](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0714>)\n * [CVE-2019-0715](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0715>)\n * [CVE-2019-0716](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0716>)\n * [CVE-2019-0717](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0717>)\n * [CVE-2019-0718](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0718>)\n * [CVE-2019-0723](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0723>)\n * [CVE-2019-1030](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1030>)\n * [CVE-2019-1057](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1057>)\n * [CVE-2019-1078](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1078>)\n * [CVE-2019-1143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1143>)\n * [CVE-2019-1146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1146>)\n * [CVE-2019-1147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1147>)\n * [CVE-2019-1148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1148>)\n * [CVE-2019-1153](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1153>)\n * [CVE-2019-1154](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1154>)\n * [CVE-2019-1155](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1155>)\n * [CVE-2019-1156](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1156>)\n * [CVE-2019-1157](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1157>)\n * [CVE-2019-1158](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1158>)\n * [CVE-2019-1159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1159>)\n * [CVE-2019-1160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1160>)\n * [CVE-2019-1161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161>)\n * [CVE-2019-1162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162>)\n * [CVE-2019-1163](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1163>)\n * [CVE-2019-1164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1164>)\n * [CVE-2019-1168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1168>)\n * [CVE-2019-1169](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1169>)\n * [CVE-2019-1170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1170>)\n * [CVE-2019-1171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1171>)\n * [CVE-2019-1172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1172>)\n * [CVE-2019-1173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1173>)\n * [CVE-2019-1174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1174>)\n * [CVE-2019-1175](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1175>)\n * [CVE-2019-1176](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1176>)\n * [CVE-2019-1177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1177>)\n * [CVE-2019-1178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1178>)\n * [CVE-2019-1179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1179>)\n * [CVE-2019-1180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1180>)\n * [CVE-2019-1184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1184>)\n * [CVE-2019-1185](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1185>)\n * [CVE-2019-1186](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1186>)\n * [CVE-2019-1187](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1187>)\n * [CVE-2019-1190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1190>)\n * [CVE-2019-1192](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1192>)\n * [CVE-2019-1193](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1193>)\n * [CVE-2019-1198](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1198>)\n * [CVE-2019-1202](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202>)\n * [CVE-2019-1203](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1203>)\n * [CVE-2019-1206](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1206>)\n * [CVE-2019-1211](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1211>)\n * [CVE-2019-1212](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1212>)\n * [CVE-2019-1218](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1218>)\n * [CVE-2019-1223](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1223>)\n * [CVE-2019-1224](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1224>)\n * [CVE-2019-1225](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1225>)\n * [CVE-2019-1227](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1227>)\n * [CVE-2019-1228](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1228>)\n * [CVE-2019-1229](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1229>)\n * [CVE-2019-9511](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9511>)\n * [CVE-2019-9512](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9512>)\n * [CVE-2019-9513](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9514>)\n * [CVE-2019-9514](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9514>)\n * [CVE-2019-9518](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9518>)\n\n### Moderate vulnerability\n\nThere is one moderate vulnerability, [CVE-2019-1185](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1185>), an elevation of privilege vulnerability in Windows Subsystem for Linux. \n\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing a [new SNORT\u24c7 rule](<https://snort.org/advisories/talos-rules-2019-08-13>) set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nThese rules are: 35190, 35191, 40851, 40852, 45142, 45143, 50936 - 50939, 50969 - 50974, 50987, 50988, 50940, 50941, 50998, 50999, 51001 - 51006\n\n", "cvss3": {}, "published": "2019-08-14T09:55:35", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 Aug. 2019: Vulnerability disclosures and Snort coverage", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2019-0712", "CVE-2019-0714", "CVE-2019-0715", "CVE-2019-0716", "CVE-2019-0717", "CVE-2019-0718", "CVE-2019-0719", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-0736", "CVE-2019-0965", "CVE-2019-1030", "CVE-2019-1057", "CVE-2019-1078", "CVE-2019-1131", "CVE-2019-1133", "CVE-2019-1139", "CVE-2019-1140", "CVE-2019-1141", "CVE-2019-1143", "CVE-2019-1144", "CVE-2019-1145", "CVE-2019-1146", "CVE-2019-1147", "CVE-2019-1148", "CVE-2019-1149", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1152", "CVE-2019-1153", "CVE-2019-1154", "CVE-2019-1155", "CVE-2019-1156", "CVE-2019-1157", "CVE-2019-1158", "CVE-2019-1159", "CVE-2019-1160", "CVE-2019-1161", "CVE-2019-1162", "CVE-2019-1163", "CVE-2019-1164", "CVE-2019-1168", "CVE-2019-1169", "CVE-2019-1170", "CVE-2019-1171", "CVE-2019-1172", "CVE-2019-1173", "CVE-2019-1174", "CVE-2019-1175", "CVE-2019-1176", "CVE-2019-1177", "CVE-2019-1178", "CVE-2019-1179", "CVE-2019-1180", "CVE-2019-1181", "CVE-2019-1182", "CVE-2019-1183", "CVE-2019-1184", "CVE-2019-1185", "CVE-2019-1186", "CVE-2019-1187", "CVE-2019-1188", "CVE-2019-1190", "CVE-2019-1192", "CVE-2019-1193", "CVE-2019-1194", "CVE-2019-1195", "CVE-2019-1196", "CVE-2019-1197", "CVE-2019-1198", "CVE-2019-1199", "CVE-2019-1200", "CVE-2019-1201", "CVE-2019-1202", "CVE-2019-1203", "CVE-2019-1204", "CVE-2019-1205", "CVE-2019-1206", "CVE-2019-1211", "CVE-2019-1212", "CVE-2019-1213", "CVE-2019-1218", "CVE-2019-1222", "CVE-2019-1223", "CVE-2019-1224", "CVE-2019-1225", "CVE-2019-1226", "CVE-2019-1227", "CVE-2019-1228", "CVE-2019-1229", "CVE-2019-9506", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9518"], "modified": "2019-08-14T09:55:35", "id": "TALOSBLOG:F543D5FEAB2BB1C90B9699F8AE8757F4", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/ztSCwF-b7VI/microsoft-patch-tuesday-aug-2019.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}