cve-2019-1457
Vulnerability from cvelistv5
Published
2019-11-12 18:53
Modified
2024-08-04 18:20
Severity ?
EPSS score ?
Summary
A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1457 | Patch, Vendor Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
Microsoft | Microsoft Office |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:20:28.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1457" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Office", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2016 for Mac" }, { "status": "affected", "version": "2019 for Mac" } ] } ], "descriptions": [ { "lang": "en", "value": "A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka \u0027Microsoft Office Excel Security Feature Bypass\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Security Feature Bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-12T18:53:20", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1457" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-1457", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Office", "version": { "version_data": [ { "version_value": "2016 for Mac" }, { "version_value": "2019 for Mac" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka \u0027Microsoft Office Excel Security Feature Bypass\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Security Feature Bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1457", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1457" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-1457", "datePublished": "2019-11-12T18:53:20", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T18:20:28.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-1457\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-11-12T19:15:16.147\",\"lastModified\":\"2020-08-24T17:37:01.140\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka \u0027Microsoft Office Excel Security Feature Bypass\u0027.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de omisi\u00f3n de caracter\u00edstica de seguridad en el software Microsoft Office al no aplicar la configuraci\u00f3n macro sobre un documento Excel, tambi\u00e9n se conoce como \\\"Microsoft Office Excel Security Feature Bypass\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*\",\"matchCriteriaId\":\"A1A868C4-0A58-4660-9492-1BADD99D8E59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"40961B9E-80B6-42E0-A876-58B3CE056E4E\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1457\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.