Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1264: Microsoft Office Security Feature Bypass Vulnerability

Back to Search

Microsoft CVE-2019-1264: Microsoft Office Security Feature Bypass Vulnerability

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
09/10/2019
Created
09/11/2019
Added
09/10/2019
Modified
09/20/2019

Description

A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file and interact with the document by clicking a specific cell. The update addresses the vulnerability by correcting how Microsoft Office handles input.

Solution(s)

  • msft-kb4461631-86bdbd3b-7461-4214-a2ba-244ff3ed5be9
  • msft-kb4461631-ffa69ae0-31bf-4eda-916d-172ae0899659
  • msft-kb4464548-126dd73d-7a6c-4b28-8048-4e136070e8dd
  • msft-kb4464548-ed1b8d60-8e1d-435e-a457-d4a54cfeb2ce
  • msft-kb4464566-09d65ea4-24e3-498e-ae7e-321628ffe098
  • msft-kb4464566-8820500a-5628-44dd-aa41-41e630e46ee8
  • msft-kb4475583-07372de8-cb33-4ee8-862e-0999f648a745
  • msft-kb4475583-1a9a9903-1373-4f31-aa12-67cf9f97baf3
  • msft-kb4475589-314998cf-0176-4f9f-af71-b66e372dfa01
  • msft-kb4475589-41600be6-dd71-4ae6-ae3d-6eae4fbf80c7
  • msft-kb4475607-4fa99b46-765c-4224-a037-7abf04d3b92f
  • msft-kb4475607-c3c0fbf3-a63f-4fbf-9f6e-8e0fd62207b1

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;