CVE-2019-1109
CRITICALMicrosoft Office - Spoofing via Unvalidated Web Page Request
Title source: llmDescription
A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1109
Scores
CVSS v3
9.1
EPSS
0.0424
EPSS Percentile
89.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (4)
microsoft/office
2013 sp1 (2 CPE variants)
microsoft/office
2016
microsoft/office
2019
microsoft/office_365
Published
Jul 15, 2019
Tracked Since
Feb 18, 2026