CVE-2019-0540

Опубликовано: 05 мар. 2019

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Средний

Описание

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.

Ссылки

http://www.securityfocus.com/bid/106863
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540
Patch
Vendor Advisory
http://www.securityfocus.com/bid/106863
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:excel_viewer:-:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2013:*:*:*:rt:*:*:*

cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:powerpoint_viewer:-:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12875

Средний

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

CVE-2019-0540

msrc

больше 6 лет назад

Microsoft Office Security Feature Bypass Vulnerability

GHSA-64wm-87jc-34mv

CVSS3: 5.5

github

больше 3 лет назад

BDU:2019-00866

CVSS3: 4.7

fstec