1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Microsoft Office RCE CVE-2019-0801

Web Attack: Microsoft Office RCE CVE-2019-0801

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability in Microsoft Office.

Additional Information

Microsoft Office is prone to a remote code-execution vulnerability. Specifically, this issue occurs because the application fails to properly handle certain files. An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted file.

Note: To exploit this issue, an attacker require to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.

An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions.

Affected

  • Microsoft Office 365 ProPlus for 64-bit Systems 0
  • Microsoft Office 365 ProPlus for 32-bit Systems 0
  • Microsoft Office 2019 for 64-bit editions 0
  • Microsoft Office 2019 for 32-bit editions 0
  • Microsoft Office 2016 (64-bit edition) 0
  • Microsoft Office 2016 (32-bit edition) 0
  • Microsoft Office 2013 Service Pack 1 (64-bit editions)
  • Microsoft Office 2013 Service Pack 1 (32-bit editions)
  • Microsoft Office 2013 RT Service Pack 1 0
  • Microsoft Office 2010 (64-bit edition) SP2
  • Microsoft Office 2010 (32-bit edition) SP2
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube