CVE-2019-0801

Summary

A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addresses the vulnerability by correcting how Office handles these files., aka 'Office Remote Code Execution Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Office2010 Service Pack 2 (32-bit editions)affected
MicrosoftMicrosoft Office2010 Service Pack 2 (64-bit editions)affected
MicrosoftMicrosoft Office2013 Service Pack 1 (32-bit editions)affected
MicrosoftMicrosoft Office2013 Service Pack 1 (64-bit editions)affected
MicrosoftMicrosoft Office2013 RT Service Pack 1affected
MicrosoftMicrosoft Office2016 (32-bit edition)affected
MicrosoftMicrosoft Office2016 (64-bit edition)affected
MicrosoftMicrosoft Office2019 for 32-bit editionsaffected
MicrosoftMicrosoft Office2019 for 64-bit editionsaffected
MicrosoftOffice 365 ProPlus32-bit Systemsaffected
MicrosoftOffice 365 ProPlus64-bit Systemsaffected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References