CVE-2019-1464

CWE-200Information Exposure4 documents4 sources
Severity
5.5MEDIUM
EPSS
13.3%
top 5.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Microsoft ExcelMicrosoft Microsoft OfficeMicrosoft Office 365 Proplus+2 more
Timeline
PublishedDec 10
Latest updateMay 24

Description

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDmicrosoft/excel2010, 2013, 2016+2
CVEListV5microsoft/microsoft_excel7 versions+6
NVDmicrosoft/office4 versions+3
CVEListV5microsoft/microsoft_office11 versions+10
CVEListV5microsoft/office_365_proplus32-bit Systems, 64-bit Systems+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-v2x5-cx2r-jprq: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information2022-05-24
CVEList
CVE-2019-1464: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information2019-12-10

📋Vendor Advisories

1
Microsoft
Microsoft Excel Information Disclosure Vulnerability2019-12-10
CVE-2019-1464 (MEDIUM CVSS 5.5) | An information disclosure vulnerabi | cvebase.io