CVE-2019-1264: Input Validation
First published: Wed Sep 11 2019(Updated: )
A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office | =2010-sp2 | |
| Microsoft Office | =2013-sp1 | |
| Microsoft Office | =2013-sp1 | |
| Microsoft Office | =2016 | |
| Microsoft Office | =2019 | |
| Microsoft Office 365 Proplus | ||
| Microsoft Project | =2010-sp2 | |
| Microsoft Project | =2013-sp1 | |
| Microsoft Project | =2016 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-1264?
CVE-2019-1264 is a security feature bypass vulnerability that exists in Microsoft Office.
What is the severity of CVE-2019-1264?
The severity of CVE-2019-1264 is high, with a CVSS score of 7.8.
Which versions of Microsoft Office are affected by CVE-2019-1264?
CVE-2019-1264 affects Microsoft Office 2010 SP2, 2013 SP1, 2016, and 2019, as well as Microsoft Office 365 Proplus.
How can I fix CVE-2019-1264?
To fix CVE-2019-1264, apply the security updates provided by Microsoft.
Where can I find more information about CVE-2019-1264?
You can find more information about CVE-2019-1264 on the Microsoft Security Guidance Advisory page: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1264
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft office
- version/microsoft office/2010-sp2
- version/microsoft office/2013-sp1
- version/microsoft office/2016
- version/microsoft office/2019
- canonical/microsoft office 365 proplus
- canonical/microsoft project
- version/microsoft project/2010-sp2
- version/microsoft project/2013-sp1
- version/microsoft project/2016