CVE-2019-0801
Last modified
CVE-2019-0801 is a vulnerability of currently unknown severity. A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addresses the vulnerability by correcting how Office handles these files., aka 'Office Remote Code Execution Vulnerability'.. EPSS estimates a 18.52% chance of exploitation in the next 30 days.
Description
A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addresses the vulnerability by correcting how Office handles these files., aka 'Office Remote Code Execution Vulnerability'.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Office | 2010 | Sp2 |
| Microsoft | Office | 2013 | Sp1 |
| Microsoft | Office | 2016 | — |
| Microsoft | Office | 2019 | — |
| Microsoft | Office 365 Proplus | All versions | — |
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0801Patch, Vendor Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0801Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-0801?
How severe is CVE-2019-0801?
How do I fix CVE-2019-0801?
Are you affected by CVE-2019-0801?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST