CVE-2019-0801

Published: Apr 9, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addresses the vulnerability by correcting how Office handles these files., aka 'Office Remote Code Execution Vulnerability'.

Affected (6)

Products: Microsoft: Office, Office 365 Proplus

Microsoft

2 products

Office

Office 365 Proplus

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office	Version 2010 sp2
Microsoft Office	Version 2013 sp1
Microsoft Office	Version 2013 sp1
Microsoft Office	Version 2016
Microsoft Office	Version 2019
Microsoft Office 365 Proplus	All versions

Related CWEs

CWE-19

References (4)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0801

Source: secure@microsoft.com

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-19-358/

Source: secure@microsoft.com

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0801

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-19-358/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.