Endpoint Vulnerability

Microsoft Office Security Feature Bypass Vulnerability

Description

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials. An attacker who successfully exploited this vulnerability could perform a phishing attack. The update addresses the vulnerability by ensuring Microsoft Office properly validates URLs.

Affected Products

Office 365 ProPlus for 32-bit Systems,Microsoft Office 2010 Service Pack 2 (32-bit editions),Microsoft Office 2010 Service Pack 2 (64-bit editions),Microsoft Office 2013 Service Pack 1 (64-bit editions),Microsoft Office 2016 x64,Microsoft Office Compatibility Pack Service Pack 3,Microsoft Office 2013 RT Service Pack 1,Microsoft Office 2019 for 64-bit editions,Microsoft Office Word Viewer,Office 365 ProPlus for 64-bit Systems

References

CVE-2019-0540,