Main Vulnerability Database Vulnerabilities #VU16882

#VU16882 Information disclosure in Microsoft products - CVE-2019-0561

Published: January 8, 2019

Vulnerability identifier: #VU16882

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-0561

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Office for macOS
Microsoft Office
Microsoft Word
Word Automation Services on Microsoft SharePoint Server
Microsoft Office Web Apps Server

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper usage of Microsoft Word macro buttons. A remote attacker can create a specially crafted Microsoft Word file, trick the victim into opening it and read contents of arbitrary file on the system.

Successful exploitation of the vulnerability requires knowledge of the exact location of the file.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0561

#VU16882 Information disclosure in Microsoft products - CVE-2019-0561

Description

Remediation

External links

Please verify you're human