Security Feature Bypass in Microsoft Office Products
CVE-2019-0540

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Office; Microsoft Excel Viewer; Office 365 Proplus; Microsoft Powerpoint Viewer
Vendor: CVE Published:; 5 March 2019

Summary

A security feature bypass exists in Microsoft Office due to improper validation of URLs. This vulnerability allows an attacker to craft a malicious file that, when opened by a victim, can trick them into providing credentials. Effective remediation measures must be taken to protect against potential exploitation through this vector.

Affected Version(s)

Microsoft Excel Viewer = unspecified

Microsoft Office 2010 Service Pack 2 (32-bit editions)

Microsoft Office 2010 Service Pack 2 (64-bit editions)

References

http://www.securityfocus.com/bid/106863

vdb-entryx_refsource_BID

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2019
Vulnerability Reserved
Nov 26, 2018