Information disclosure in Microsoft products - CVE-2019-0561
Published: January 8, 2019
Vulnerability identifier: #VU16882
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-0561
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Office for macOS
Microsoft Office
Microsoft Word
Word Automation Services on Microsoft SharePoint Server
Microsoft Office Web Apps Server
Microsoft Office for macOS
Microsoft Office
Microsoft Word
Word Automation Services on Microsoft SharePoint Server
Microsoft Office Web Apps Server
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper usage of Microsoft Word macro buttons. A remote attacker can create a specially crafted Microsoft Word file, trick the victim into opening it and read contents of arbitrary file on the system.
Successful exploitation of the vulnerability requires knowledge of the exact location of the file.
How to mitigate CVE-2019-0561
Install updates from vendor's website.