CVE-2019-1297

HIGH KEV

Microsoft Excel - Remote Code Execution

Title source: llm

Exploitation Summary

CVE-2019-1297 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022.

Description

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1297

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1297

Scores

CVSS v3 8.8

EPSS 0.4068

EPSS Percentile 97.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-03-03

VulnCheck KEV 2022-03-03

InTheWild.io 2020-07-15

ENISA EUVD EUVD-2019-9862

Status published

Products (6)

microsoft/excel 2010 sp2

microsoft/excel 2013 sp1 (2 CPE variants)

microsoft/excel 2016

microsoft/office 2016

microsoft/office 2019 (2 CPE variants)

microsoft/office_365_proplus

Published Sep 11, 2019

KEV Added Mar 03, 2022

Tracked Since Feb 18, 2026