CVE-2019-0560 — Sensitive Information Exposure in Microsoft Office

4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

26.9%

top 3.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office Microsoft Outlook

Timeline

PublishedJan 8

Latest updateMay 13

Description

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5microsoft/office365 ProPlus for 32-bit Systems, 365 ProPlus for 64-bit Systems+1

▶NVDmicrosoft/office2019

▶CVEListV5microsoft/microsoft_office9 versions+8

▶NVDmicrosoft/outlook2010, 2013, 2016+2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-55jm-hf67-79p8: An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Informatio↗2022-05-13

▶

CVEList

CVE-2019-0560: An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Informatio↗2019-01-08

▶

📋Vendor Advisories

Microsoft

Microsoft Office Information Disclosure Vulnerability↗2019-01-08

▶