Vulnerability Description
A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addresses the vulnerability by correcting how Office handles these files., aka 'Office Remote Code Execution Vulnerability'.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2010 |
| Microsoft | Office 365 Proplus | All versions |
Related Weaknesses (CWE)
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0801PatchVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-19-358/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0801PatchVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-19-358/
FAQ
What is CVE-2019-0801?
CVE-2019-0801 is a vulnerability with a CVSS score of 7.8 (HIGH). A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially cr...
How severe is CVE-2019-0801?
CVE-2019-0801 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-0801?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Office 365 Proplus.