Microsoft Office Security Feature Bypass Vulnerability in Microsoft Products
CVE-2019-1264

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Project; Microsoft Office; Office 365 Proplus
Vendor: CVE Published:; 11 September 2019

What is CVE-2019-1264?

A security feature bypass vulnerability in Microsoft Office arises due to improper handling of input. This flaw can allow attackers to exploit the affected versions, circumventing security measures designed to protect users from malicious input. Users may be exposed to potential exploits that could compromise their system's integrity. It is essential to keep your Microsoft Office products updated and apply available patches to mitigate any risks associated with this vulnerability.

Affected Version(s)

Microsoft Office 2010 Service Pack 2 (32-bit editions)

Microsoft Office 2010 Service Pack 2 (64-bit editions)

Microsoft Office 2013 Service Pack 1 (32-bit editions)

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2019
Vulnerability Reserved
Nov 26, 2018