CVE-2019-0561

4 documents4 sources
Severity
5.5MEDIUM
EPSS
23.1%
top 4.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Microsoft Microsoft OfficeMicrosoft Microsoft WordMicrosoft Office+3 more
Timeline
PublishedJan 8
Latest updateMay 13

Description

An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

CVEListV5microsoft/wordAutomation Services on Microsoft SharePoint Server 2010 Service Pack 2
NVDmicrosoft/word2010, 2013, 2016+2
CVEListV5microsoft/microsoft_word7 versions+6
CVEListV5microsoft/office365 ProPlus for 32-bit Systems, 365 ProPlus for 64-bit Systems+1
NVDmicrosoft/office2010, 2016, 2019+2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-f8fc-7qhq-w549: An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulne2022-05-13
CVEList
CVE-2019-0561: An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulne2019-01-08

📋Vendor Advisories

1
Microsoft
Microsoft Word Information Disclosure Vulnerability2019-01-08
CVE-2019-0561 (MEDIUM CVSS 5.5) | An information disclosure vulnerabi | cvebase.io