5 matches found
CVE-2019-1109
CVE-2019-1109 describes a spoofing vulnerability in Microsoft Office where Office JavaScript fails to validate the web page making a request to Office documents. An attacker could read or write information in Office documents. The fixed behavior is to correct how Microsoft Office JavaScript verif...
CVE-2019-1402
CVE-2019-1402 : Affected software is Microsoft Office; vulnerability arises from the software’s failure to properly handle objects in memory, leading to information disclosure. The available connected documents confirm the information-disclosure impact but do not provide specific vulnerable compo...
CVE-2019-1446
CVE-2019-1446 describes an information-disclosure vulnerability in Microsoft Excel/Office where memory contents may be exposed due to improper handling of memory objects. The issue is discussed in connected Nessus/OpenVAS entries tied to November 2019 Office/Excel security updates, indicating aff...
CVE-2019-0945
CVE-2019-0945 is a remote code execution vulnerability in the Microsoft Office Access Connectivity Engine, triggered by improper handling of objects in memory. The issue affects Microsoft Office products using the Office Connectivity Engine and can be exploited when a user opens a specially craft...
CVE-2018-8597
CVE-2018-8597 is a remote code execution vulnerability in Microsoft Excel/Office where improper handling of in-memory objects can allow arbitrary code execution in the context of the current user. Exploitation typically requires a user to open a specially crafted file, and affects Excel component...