Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1109

A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'.

Published

2019-07-15T19:15:19.763

Last Modified

2024-11-21T04:36:02.137

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.1 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	office	2013	Yes
Application	microsoft	office	2013	Yes
Application	microsoft	office	2016	Yes
Application	microsoft	office	2019	Yes
Application	microsoft	office_365	-	Yes

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1109 Patch, Vendor Advisory ([email protected])
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1109 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)