Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1264: Microsoft Office Security Feature Bypass Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft CVE-2019-1264: Microsoft Office Security Feature Bypass Vulnerability

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
09/10/2019
Created
09/11/2019
Added
09/10/2019
Modified
09/20/2019

Description

A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file and interact with the document by clicking a specific cell. The update addresses the vulnerability by correcting how Microsoft Office handles input.

Solution(s)

  • msft-kb4461631-86bdbd3b-7461-4214-a2ba-244ff3ed5be9
  • msft-kb4461631-ffa69ae0-31bf-4eda-916d-172ae0899659
  • msft-kb4464548-126dd73d-7a6c-4b28-8048-4e136070e8dd
  • msft-kb4464548-ed1b8d60-8e1d-435e-a457-d4a54cfeb2ce
  • msft-kb4464566-09d65ea4-24e3-498e-ae7e-321628ffe098
  • msft-kb4464566-8820500a-5628-44dd-aa41-41e630e46ee8
  • msft-kb4475607-4fa99b46-765c-4224-a037-7abf04d3b92f
  • msft-kb4475607-c3c0fbf3-a63f-4fbf-9f6e-8e0fd62207b1

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;