Endpoint Vulnerability

Microsoft Office Security Feature Bypass Vulnerability

Description

A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file and interact with the document by clicking a specific cell. The update addresses the vulnerability by correcting how Microsoft Office handles input.

Affected Products

Microsoft Project 2013 Service Pack 1 (32-bit editions),Microsoft Office 2010 Service Pack 2 (32-bit editions),Microsoft Office 2010 Service Pack 2 (64-bit editions),Microsoft Office 2013 Service Pack 1 (64-bit editions),Microsoft Office 2016 x64,Microsoft Office 2013 RT Service Pack 1,Microsoft Office 2013 Service Pack 1 (32-bit editions),Microsoft Office 2019 for 64-bit editions,Microsoft Project 2010 Service Pack 2 (32-bit editions),Microsoft Office 2019 for 32-bit editions

References

CVE-2019-1264,