CVE-2019-0540

Summary

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Office2010 Service Pack 2 (32-bit editions)affected
MicrosoftMicrosoft Office2010 Service Pack 2 (64-bit editions)affected
MicrosoftMicrosoft Office2013 Service Pack 1 (32-bit editions)affected
MicrosoftMicrosoft Office2013 Service Pack 1 (64-bit editions)affected
MicrosoftMicrosoft Office2013 RT Service Pack 1affected
MicrosoftMicrosoft Office2016 (32-bit edition)affected
MicrosoftMicrosoft Office2016 (64-bit edition)affected
MicrosoftMicrosoft Office2019 for 32-bit editionsaffected
MicrosoftMicrosoft Office2019 for 64-bit editionsaffected
MicrosoftMicrosoft OfficeWord Vieweraffected
MicrosoftMicrosoft Excel Viewerunspecifiedaffected
MicrosoftOffice 365 ProPlus32-bit Systemsaffected
MicrosoftOffice 365 ProPlus64-bit Systemsaffected
MicrosoftMicrosoft PowerPoint Viewerunspecifiedaffected
MicrosoftMicrosoft Office Compatibility PackService Pack 3affected

Weaknesses

  • Security Feature Bypass

ADP Enrichment

CVE Program Container

Additional References

References