First published: Tue Mar 05 2019
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Excel Viewer | | |
Microsoft Office | =2010-sp2 | |
Microsoft Office | =2013 | |
Microsoft Office | =2013-sp1 | |
Microsoft Office | =2016 | |
Microsoft Office | =2019 | |
Microsoft Office 365 ProPlus | | |
Microsoft PowerPoint Viewer | | |
Microsoft Word Viewer | | |
CVE-2019-0540 is a security feature bypass vulnerability in Microsoft Office that allows attackers to trick victims into entering credentials.
CVE-2019-0540 stems from Microsoft Office's failure to validate URLs, which lets an attacker send a specially crafted file to a victim.
Microsoft Excel Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Office 2019, Microsoft Office 365 ProPlus, Microsoft PowerPoint Viewer, and Microsoft Word Viewer are affected by CVE-2019-0540.
CVE-2019-0540 has a severity rating of 5.5, which is considered medium.
To mitigate CVE-2019-0540, it is recommended to apply the latest security updates provided by Microsoft.