First published: Tue Apr 09 2019(Updated: )
This vulnerability allows remote attackers to create files in arbitrary locations on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of URL protocol handlers for various types of Office documents. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a file in the context of the current user.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Office | ||
Microsoft Office | =2010-sp2 | |
Microsoft Office | =2013-sp1 | |
Microsoft Office | =2013-sp1 | |
Microsoft Office | =2016 | |
Microsoft Office | =2019 | |
Microsoft Office 365 Proplus |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-0801 is a vulnerability that allows remote attackers to create files in arbitrary locations on vulnerable installations of Microsoft Office.
To exploit CVE-2019-0801, user interaction is required, either by visiting a malicious page or opening a malicious file.
Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Office 2019, and Microsoft Office 365 Proplus are affected by CVE-2019-0801.
CVE-2019-0801 has a severity level of 7.8 (high).
To fix CVE-2019-0801, it is recommended to apply the necessary security updates provided by Microsoft for affected Microsoft Office versions.