CVE-2019-1449
published 2019-11-12CVE-2019-1449: A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_office | — | — |
| microsoft | microsoft_office | — | — |
| microsoft | office | — | — |
| microsoft | office_365_proplus | — | — |
| microsoft | office_365_proplus | — | — |
| msrc | microsoft_office_2019_for_32-bit_editions | — | — |
| msrc | microsoft_office_2019_for_64-bit_editions | — | — |
| msrc | office_365_proplus_for_32-bit_systems | — | — |
| msrc | office_365_proplus_for_64-bit_systems | — | — |