vulnerability

Microsoft Office: CVE-2019-1449: Microsoft Office ClickToRun Security Feature Bypass Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Nov 12, 2019	Aug 13, 2020	Sep 12, 2023

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Nov 12, 2019

Added

Aug 13, 2020

Modified

Sep 12, 2023

Description

A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'.

Solution

office-click-to-run-upgrade-latest

References

CVE-2019-1449
https://attackerkb.com/topics/CVE-2019-1449

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today