CVE-2019-1109

Summary

A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Office2013 Service Pack 1 (32-bit editions)affected
MicrosoftMicrosoft Office2013 Service Pack 1 (64-bit editions)affected
MicrosoftMicrosoft Office2013 RT Service Pack 1affected
MicrosoftMicrosoft Office2016 (32-bit edition)affected
MicrosoftMicrosoft Office2016 (64-bit edition)affected
MicrosoftMicrosoft Office2019 for 32-bit editionsaffected
MicrosoftMicrosoft Office2019 for 64-bit editionsaffected
MicrosoftOffice 365 ProPlus32-bit Systemsaffected
MicrosoftOffice 365 ProPlus64-bit Systemsaffected

Weaknesses

  • Spoofing

ADP Enrichment

CVE Program Container

Additional References

References