CVE-2019-1297

Summary

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Excel2010 Service Pack 2 (32-bit editions)affected
MicrosoftMicrosoft Excel2010 Service Pack 2 (64-bit editions)affected
MicrosoftMicrosoft Excel2013 Service Pack 1 (32-bit editions)affected
MicrosoftMicrosoft Excel2013 Service Pack 1 (64-bit editions)affected
MicrosoftMicrosoft Excel2013 RT Service Pack 1affected
MicrosoftMicrosoft Excel2016 (32-bit edition)affected
MicrosoftMicrosoft Excel2016 (64-bit edition)affected
MicrosoftMicrosoft Office2016 for Macaffected
MicrosoftMicrosoft Office2019 for 32-bit editionsaffected
MicrosoftMicrosoft Office2019 for 64-bit editionsaffected
MicrosoftMicrosoft Office2019 for Macaffected
MicrosoftOffice 365 ProPlus32-bit Systemsaffected
MicrosoftOffice 365 ProPlus64-bit Systemsaffected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References