CVE-2019-1449

Summary

A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Office2019 for 32-bit editionsaffected
MicrosoftMicrosoft Office2019 for 64-bit editionsaffected
MicrosoftOffice 365 ProPlus32-bit Systemsaffected
MicrosoftOffice 365 ProPlus64-bit Systemsaffected

Weaknesses

  • Security Feature Bypass

ADP Enrichment

CVE Program Container

Additional References

References