CVE-2019-1297
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Microsoft Excel | 2010 Service Pack 2 (32-bit editions) | affected |
| Microsoft | Microsoft Excel | 2010 Service Pack 2 (64-bit editions) | affected |
| Microsoft | Microsoft Excel | 2013 Service Pack 1 (32-bit editions) | affected |
| Microsoft | Microsoft Excel | 2013 Service Pack 1 (64-bit editions) | affected |
| Microsoft | Microsoft Excel | 2013 RT Service Pack 1 | affected |
| Microsoft | Microsoft Excel | 2016 (32-bit edition) | affected |
| Microsoft | Microsoft Excel | 2016 (64-bit edition) | affected |
| Microsoft | Microsoft Office | 2016 for Mac | affected |
| Microsoft | Microsoft Office | 2019 for 32-bit editions | affected |
| Microsoft | Microsoft Office | 2019 for 64-bit editions | affected |
| Microsoft | Microsoft Office | 2019 for Mac | affected |
| Microsoft | Office 365 ProPlus | 32-bit Systems | affected |
| Microsoft | Office 365 ProPlus | 64-bit Systems | affected |
Weaknesses
- Remote Code Execution
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.