vulnerability

Microsoft CVE-2019-1109: Microsoft Office Spoofing Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Jul 9, 2019	Jul 9, 2019	Jul 22, 2019

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Jul 9, 2019

Added

Jul 9, 2019

Modified

Jul 22, 2019

Description

A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.
An attacker who successfully exploited this vulnerability could read or write information in Office documents.
The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages.

Solutions

msft-kb4018375-0cadba9d-795d-4c68-a941-33bd0f4167f4msft-kb4018375-158c74f0-a837-4cb5-8e7e-f8f24ce280c2

References

CVE-2019-1109
https://attackerkb.com/topics/CVE-2019-1109
MSKB-4018375
MSKB-4464534

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report