CVE-2019-0540

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
microsoftexcel_viewer
-
microsoftoffice_365_proplus
-
microsoftpowerpoint_viewer
-
microsoftword_viewer
-
microsoft365_apps
𝑥
< 1901
microsoftoffice
𝑥
< 1901
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106863
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540
http://www.securityfocus.com/bid/106863
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540