CVE-2019-0540

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Office; Microsoft Excel Viewer; Office 365 Proplus; Microsoft Powerpoint Viewer
Vendor: CVE Published:; 5 March 2019

Summary

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.

Affected Version(s)

Microsoft Excel Viewer = unspecified

Microsoft Office 2010 Service Pack 2 (32-bit editions)

Microsoft Office 2010 Service Pack 2 (64-bit editions)

References

http://www.securityfocus.com/bid/106863

vdb-entryx_refsource_BID

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2019
Vulnerability Reserved
Nov 26, 2018

Collectors

NVD DatabaseMitre Database