CVE-2019-1297

CVSS 8.8 HIGHEPSS 20.5%● KEV

In short

Microsoft Excel can be tricked into running malicious code when opening a specially crafted file. This happens because the software doesn't properly check objects in memory, allowing attackers to take control of your computer.

Technical detail

Remote code execution vulnerability in Microsoft Excel's memory object handling. Attack vector: user opens malicious .xlsx or similar file; pre-condition: victim must open the crafted document. Impact: arbitrary code execution with privileges of the affected user.

Summary generated and translated by AI from the official description.

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Microsoft · Microsoft Excel Microsoft · Microsoft Office Microsoft · Office 365 ProPlus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1297 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1297