CVE-2019-1446

CWE-200Information Exposure4 documents4 sources
Severity
5.5MEDIUM
EPSS
9.8%
top 7.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Microsoft Excel Services ON Microsoft Sharepoint Server 2010 Service Pack 2Microsoft Microsoft ExcelMicrosoft Microsoft Office+6 more
Timeline
PublishedNov 12
Latest updateMay 24

Description

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

NVDmicrosoft/excel2010, 2013, 2016+2
CVEListV5microsoft/microsoft_excel8 versions+7
NVDmicrosoft/office4 versions+3
CVEListV5microsoft/microsoft_office10 versions+9

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-crj8-3j59-2qxc: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information2022-05-24
CVEList
CVE-2019-1446: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information2019-11-12

📋Vendor Advisories

1
Microsoft
Microsoft Excel Information Disclosure Vulnerability2019-11-12
CVE-2019-1446 (MEDIUM CVSS 5.5) | An information disclosure vulnerabi | cvebase.io