CVE-2019-1263

CWE-200Information Exposure4 documents4 sources
Severity
5.5MEDIUM
EPSS
16.1%
top 5.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Microsoft ExcelMicrosoft Microsoft OfficeMicrosoft Office 365 Proplus+2 more
Timeline
PublishedSep 11
Latest updateMay 24

Description

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDmicrosoft/excel4 versions+3
CVEListV5microsoft/microsoft_excel7 versions+6
NVDmicrosoft/office2016, 2019+1
CVEListV5microsoft/microsoft_office4 versions+3
CVEListV5microsoft/office_365_proplus32-bit Systems, 64-bit Systems+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-9966-jcrj-hwhw: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information2022-05-24
CVEList
CVE-2019-1263: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information2019-09-11

📋Vendor Advisories

1
Microsoft
Microsoft Excel Information Disclosure Vulnerability2019-09-10
CVE-2019-1263 (MEDIUM CVSS 5.5) | An information disclosure vulnerabi | cvebase.io