CVE-2019-1112 — Sensitive Information Exposure in Microsoft Office

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

10.7%

top 6.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office 365 Proplus Microsoft Office

Timeline

PublishedJul 15

Latest updateMay 24

Description

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDmicrosoft/office2019

▶CVEListV5microsoft/microsoft_office2019 for 32-bit editions, 2019 for 64-bit editions+1

▶CVEListV5microsoft/office_365_proplus32-bit Systems, 64-bit Systems+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-qrxw-jcvq-3hhr: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information↗2022-05-24

▶

CVEList

CVE-2019-1112: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information↗2019-07-29

▶

💥Exploits & PoCs

Exploit-DB

CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass)↗2019-01-28

▶

📋Vendor Advisories

Microsoft

Microsoft Excel Information Disclosure Vulnerability↗2019-07-09

▶