Home

CVE-2019-1449

Description

A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka Microsoft Office ClickToRun Security Feature Bypass Vulnerability.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
5.73

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Excel Information Disclosure Vulnerability for Office 365 Professional Plus Semi Annual Channel for x64 1902 of version(11328.20468)Windows
Microsoft Excel Information Disclosure Vulnerability for Office 365 Professional Plus Semi Annual Channel for x86 1902 of version(11328.20468)Windows
Microsoft Excel Information Disclosure Vulnerability for Office 365 Business Edition Semi Annual Channel for x64 1902 of version(11328.20468)Windows
Microsoft Excel Information Disclosure Vulnerability for Office 365 Business Edition Semi Annual Channel for x86 1902 of version(11328.20468)Windows
Microsoft Excel Information Disclosure Vulnerability for Office 365 Semi-Annual Channel Version 1902 (Build 11328.20468)Windows
Microsoft Excel Information Disclosure Vulnerability for Office 365 Professional Plus Semi Annual Targeted Channel for x64 1908 of version(11929.20436)Windows
Microsoft Excel Information Disclosure Vulnerability for Office 365 Professional Plus Semi Annual Targeted Channel for x86 1908 of version(11929.20436)Windows
Microsoft Excel Information Disclosure Vulnerability for Office 365 Targeted Channel Version 1908 (Build 11929.20436)Windows
Microsoft Excel Information Disclosure Vulnerability for Office 365 Professional Plus Monthly Channel for x64 1910 of version(12130.20344)Windows
Microsoft Excel Information Disclosure Vulnerability for Office 365 Professional Plus Monthly Channel for x86 1910 of version(12130.20344)Windows
Microsoft Excel Information Disclosure Vulnerability for Office 365 Business Edition Monthly Channel for x64 1910 of version(12130.20344)Windows
Microsoft Excel Information Disclosure Vulnerability for Office 365 Business Edition Monthly Channel for x86 1910 of version(12130.20344)Windows
Microsoft Excel Information Disclosure Vulnerability for Office 365 Monthly Channel Version 1910 (Build 12130.20344)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-27872Update for Office 365 Professional Plus Semi Annual Channel for x64 1902 of version(11328.20468)
PATCH-27874Update for Office 365 Professional Plus Semi Annual Channel for x86 1902 of version(11328.20468)
PATCH-27878Update for Office 365 Business Edition Semi Annual Channel for x86 1902 of version(11328.20468)
PATCH-27894Update for Office 365 Semi-Annual Channel Version 1902 (Build 11328.20468)
PATCH-27880Update for Office 365 Professional Plus Semi Annual Targeted Channel for x64 1908 of version(11929.20436)
PATCH-27882Update for Office 365 Professional Plus Semi Annual Targeted Channel for x86 1908 of version(11929.20436)
PATCH-27893Update for Office 365 Targeted Channel Version 1908 (Build 11929.20436)
PATCH-27864Update for Office 365 Professional Plus Monthly Channel for x64 1910 of version(12130.20344)
PATCH-27866Update for Office 365 Professional Plus Monthly Channel for x86 1910 of version(12130.20344)
PATCH-27868Update for Office 365 Business Edition Monthly Channel for x64 1910 of version(12130.20344)
PATCH-27870Update for Office 365 Business Edition Monthly Channel for x86 1910 of version(12130.20344)
PATCH-27892Update for Office 365 Monthly Channel Version 1910 (Build 12130.20344)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234