CVE-2019-1402

MEDIUM

Microsoft Office - Information Disclosure via Improper Memory Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1402. PoCs published by lauxjpn.

AI-analyzed exploit summary This repository provides a detailed technical workaround for the CVE-2019-1402 vulnerability in MS Access, which causes the 'Query is corrupt' error. It includes instructions for applying and removing the workaround via VBA functions to rename tables and create queries.

Description

An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'.

Exploits (1)

nomisec WRITEUP 3 stars

by lauxjpn · poc

https://github.com/lauxjpn/CorruptQueryAccessWorkaround

View Code ZIP pw:eip

This repository provides a detailed technical workaround for the CVE-2019-1402 vulnerability in MS Access, which causes the 'Query is corrupt' error. It includes instructions for applying and removing the workaround via VBA functions to rename tables and create queries.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Access (various versions)

Auth required

Prerequisites: Access to MS Access database · VBA Editor with specific references enabled

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1402

Scores

CVSS v3 5.5

EPSS 0.0212

EPSS Percentile 84.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (5)

microsoft/office 2010 sp2

microsoft/office 2013 sp1 (2 CPE variants)

microsoft/office 2016

microsoft/office 2019

microsoft/office_365

Published Nov 12, 2019

Tracked Since Feb 18, 2026