Описание
Microsoft Office Security Feature Bypass Vulnerability
FAQ
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability would be able to view Personally Identifiable Information (PII), bypassing the "ThisDocument.RemovePersonalInformation" expected functionality. The attacker would need to first gain access to a document protected in this way by the target.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
A attacker would need to make use of the affected protection and then make the file accessible, either through direct file sharing, posting the file online, or another avenue of access.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Word 2013 Service Pack 1 (32-bit editions) | ||
| Microsoft Word 2013 Service Pack 1 (64-bit editions) | ||
| Microsoft Word 2013 RT Service Pack 1 | - | |
| Microsoft Publisher 2013 Service Pack 1 (32-bit editions) | ||
| Microsoft Publisher 2013 Service Pack 1 (64-bit editions) | ||
| Microsoft Word 2016 (32-bit edition) | ||
| Microsoft Word 2016 (64-bit edition) | ||
| Microsoft Publisher 2016 (32-bit edition) | ||
| Microsoft Publisher 2016 (64-bit edition) | ||
| Microsoft Office 2019 for 32-bit editions | - |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Microsoft Office Security Feature Bypass Vulnerability.
Уязвимость пакета программ Microsoft Office, связанная с ошибками в настройках безопасности, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
5.5 Medium
CVSS3