CVE-2019-0540

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
microsoftexcel_viewer
-
microsoftoffice_365_proplus
-
microsoftpowerpoint_viewer
-
microsoftword_viewer
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106863
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540
http://www.securityfocus.com/bid/106863
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540