CVE-2019-0801
Published Apr 9, 2019
Last updated 6 years ago
Overview
- Description
- A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addresses the vulnerability by correcting how Office handles these files., aka 'Office Remote Code Execution Vulnerability'.
- Source
- secure@microsoft.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-19
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638"
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064"
},
{
"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4"
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A"
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B"
},
{
"criteria": "cpe:2.3:a:microsoft:office_365_proplus:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94A9F645-7A3A-44E1-B9E6-14E128746785"
}
],
"operator": "OR"
}
]
}
]