Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1447: Microsoft Office Online Spoofing Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft CVE-2019-1447: Microsoft Office Online Spoofing Vulnerability

Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
11/12/2019
Created
11/13/2019
Added
11/12/2019
Modified
11/18/2019

Description

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly. An attacker could exploit the vulnerability by sending a specially crafted request to an affected site. The attacker who successfully exploited the vulnerability could then perform cross-origin attacks on affected systems. These attacks could allow the attacker to read content that the attacker is not authorized to read, and use the victim's identity to take actions on the site on behalf of the victim. The victim needs to be authenticated for an attacker to compromise the victim. The security update addresses the vulnerability by ensuring that Office Online properly validates origins.

Solution(s)

  • msft-kb4484141-321c5179-a19a-4255-9cf0-5e978c24e629

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;