CVE-2019-1109

A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'.

Published: Jul 15, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-1109
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
microsoft / office	2013-sp1	2013-sp1.x
microsoft / office	2016	2016.x
microsoft / office	2019	2019.x

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1109

Vulnerability Database

CVE-2019-1109