What is CVE-2019-0585?

CVE-2019-0585 is a vulnerability in Microsoft Office. Published 2019-01-08.

Is CVE-2019-0585 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Office

CVE-2019-0585

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Wor…

EPSS: 0.228 (96.0th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office — versions 2010 Service Pack 2 (32-bit editions), 2010 Service Pack 2 (64-bit editions), 2016 for Mac
Microsoft Office Online Server — versions Microsoft Office Online Server
Microsoft Office Word Viewer — versions Microsoft Office Word Viewer
Microsoft Sharepoint — versions Enterprise Server 2013 Service Pack 1, Enterprise Server 2016
Microsoft Sharepoint Server — versions 2019
Microsoft Word — versions 2010 Service Pack 2 (32-bit editions), 2010 Service Pack 2 (64-bit editions), 2013 RT Service Pack 1
Microsoft Office — versions 365 ProPlus for 32-bit Systems, 365 ProPlus for 64-bit Systems
Microsoft Word — versions Automation Services on Microsoft SharePoint Server 2010 Service Pack 2

Public proof-of-concept exploits

eeenvik1/scripts_

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0585 (x_refsource_CONFIRM)
106392 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2019-0585?: CVE-2019-0585 is a vulnerability in Microsoft Office. Published 2019-01-08.
Is CVE-2019-0585 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.