Unrated severityNVD Advisory· Published Mar 6, 2019· Updated Aug 4, 2024

CVE-2019-0540

Description

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.

Affected products

Microsoft/Officellm-fuzzy
Microsoft/Excel Viewercpe-rescue
Range: unspecified
Microsoft/Office Visiocpe-rescue
Range: 2010 Service Pack 2 (32-bit editions)
Microsoft/Office Compatibility Packcpe-rescue
Range: Service Pack 3
Microsoft/Powerpoint Viewercpe-rescue
Range: unspecified
Microsoft/Office 365 ProPluscpe-rescue
Range: 32-bit Systems

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/106863mitrevdb-entryx_refsource_BID
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.018
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000