CVE-2019-1462

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Office
Office 365 Proplus
Microsoft Powerpoint
Vendor
CVE Published:
10 December 2019

Summary

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.

Affected Version(s)

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office 2019 for Mac

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-19-1006/
x_refsource_MISC

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.