CVE-2019-0540
Description
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka Microsoft Office Security Feature Bypass Vulnerability.
Risk Information
Base Score: 5.5 (MODERATE)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score (Exploitation Probability): 22.182
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft Office Security Feature Bypass Vulnerability for Microsoft Office 2013 (KB4462138) 64-Bit Edition | Windows |
| Microsoft Office Security Feature Bypass Vulnerability for Microsoft Office 2013 (KB4462138) 32-Bit Edition | Windows |
| Microsoft Office Security Feature Bypass Vulnerability for Microsoft Office 2016 (KB4462146) 32-Bit Edition | Windows |
| Microsoft Office Security Feature Bypass Vulnerability for Microsoft Office 2016 (KB4462146) 64-Bit Edition | Windows |
| Microsoft Office Security Feature Bypass Vulnerability for Word Viewer (KB4462154) | Windows |
| Microsoft Office Security Feature Bypass Vulnerability for Microsoft Office 2010 (KB4462174) 32-Bit Edition | Windows |
| Microsoft Office Security Feature Bypass Vulnerability for Microsoft Office 2010 (KB4462174) 64-Bit Edition | Windows |
| Microsoft Office Security Feature Bypass Vulnerability for Microsoft Office Viewers Microsoft Office Compatibility Pack (KB4092465) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Professional Plus Semi-Annual Channel Version 1708 (Build 8431.2372) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Professional Plus Semi-Annual Channel Version 1708 (Build 8431.2372) | Windows |
| Update for Office 365 Business Edition Semi-Annual Channel Version 1708 (Build 8431.2372) | Windows |
| Update for Office 365 Business Edition Semi-Annual Channel Version 1708 (Build 8431.2372) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Professional Plus Monthly Channel Version 1708 (Build 8431.2372) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Professional Plus Monthly Channel Version 1708 (Build 8431.2372) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Business Edition Monthly Channel Version 1708 (Build 8431.2372) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Business Edition Monthly Channel Version 1708 (Build 8431.2372) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Professional Plus Semi-Annual Channel Version 1803 (Build 9126.2356) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Professional Plus Semi-Annual Channel Version 1803 (Build 9126.2356) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Business Edition Semi-Annual Channel Version 1803 (Build 9126.2356) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Business Edition Semi-Annual Channel Version 1803 (Build 9126.2356) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Professional Plus Semi-Annual-Targeted Channel Version 1808 (Build 10730.20280) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Professional Plus Semi-Annual-Targeted Channel Version 1808 (Build 10730.20280) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Professional Plus Semi-Annual Channel Version 1808 (Build 10730.20280) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Professional Plus Semi-Annual Channel Version 1808 (Build 10730.20280) | Windows |
| Update for Office 365 Business Edition Semi-Annual Channel Version 1808 (Build 10730.20280) | Windows |
| Update for Office 365 Business Edition Semi-Annual Channel Version 1808 (Build 10730.20280) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Professional Plus Monthly Channel Version 1901 (Build 11231.20174) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Professional Plus Monthly Channel Version 1901 (Build 11231.20174) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Business Edition Monthly Channel Version 1901 (Build 11231.20174) | Windows |
| Jet Database Engine Remote Code Execution Vulnerability for Office 365 Business Edition Monthly Channel Version 1901 (Build 11231.20174) | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-26087 | Security Update for Microsoft Office 2013 (KB4462138) 64-Bit Edition |
| PATCH-26088 | Security Update for Microsoft Office 2013 (KB4462138) 32-Bit Edition |
| PATCH-26095 | Security Update for Microsoft Office 2016 (KB4462146) 32-Bit Edition |
| PATCH-26096 | Security Update for Microsoft Office 2016 (KB4462146) 64-Bit Edition |
| PATCH-26195 | Security Update for Word Viewer (KB4462154) |
| PATCH-26078 | Security Update for Microsoft Office 2010 (KB4462174) 32-Bit Edition |
| PATCH-26079 | Security Update for Microsoft Office 2010 (KB4462174) 64-Bit Edition |
| PATCH-26100 | Security Update for Microsoft Office Viewers Microsoft Office Compatibility Pack (KB4092465) |
| PATCH-26245 | Update for Office 365 Professional Plus Semi-Annual Channel Version 1708 (Build 8431.2372) |
| PATCH-26247 | Update for Office 365 Professional Plus Semi-Annual Channel Version 1708 (Build 8431.2372) |
| PATCH-26382 | Update for Office 365 Professional Plus Monthly Channel Version 1708 (Build 8431.2372) |
| PATCH-26384 | Update for Office 365 Professional Plus Monthly Channel Version 1708 (Build 8431.2372) |
| PATCH-26386 | Update for Office 365 Business Edition Monthly Channel Version 1708 (Build 8431.2372) |
| PATCH-26388 | Update for Office 365 Business Edition Monthly Channel Version 1708 (Build 8431.2372) |
| PATCH-26237 | Update for Office 365 Professional Plus Semi-Annual Channel Version 1803 (Build 9126.2356) |
| PATCH-26239 | Update for Office 365 Professional Plus Semi-Annual Channel Version 1803 (Build 9126.2356) |
| PATCH-26241 | Update for Office 365 Business Edition Semi-Annual Channel Version 1803 (Build 9126.2356) |
| PATCH-26243 | Update for Office 365 Business Edition Semi-Annual Channel Version 1803 (Build 9126.2356) |
| PATCH-23950 | Update for Office 365 Professional Plus Semi-Annual-Targeted Channel Version 1808 (Build 10730.20280) |
| PATCH-23952 | Update for Office 365 Professional Plus Semi-Annual-Targeted Channel Version 1808 (Build 10730.20280) |
| PATCH-26229 | Update for Office 365 Professional Plus Semi-Annual Channel Version 1808 (Build 10730.20280) |
| PATCH-26231 | Update for Office 365 Professional Plus Semi-Annual Channel Version 1808 (Build 10730.20280) |
| PATCH-26221 | Update for Office 365 Professional Plus Monthly Channel Version 1901 (Build 11231.20174) |
| PATCH-26223 | Update for Office 365 Professional Plus Monthly Channel Version 1901 (Build 11231.20174) |
| PATCH-26225 | Update for Office 365 Business Edition Monthly Channel Version 1901 (Build 11231.20174) |
| PATCH-26227 | Update for Office 365 Business Edition Monthly Channel Version 1901 (Build 11231.20174) |