Vulnerability Data

by Reconmap

CVE-2019-1109

A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'.

Published at
2019-07-15T19:15Z
1770 days ago
Modified
2019-07-19T16:07Z
1766 days ago
CWE-20
Problem type

Impact

CVSS v3 vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Severity Score Vector

9.1CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References


URLType
N/A
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1109		N/A

GET https://vulnerabilitydata.com/api/details/CVE-2019-1109

{
	"id": "CVE-2019-1109",
	"published_date": "2019-07-15T19:15Z",
	"last_modified_date": "2019-07-19T16:07Z",
	"assigner": "secure@microsoft.com",
	"description": "A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'.",
	"references": [
		{
			"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1109",
			"name": "N/A",
			"refsource": "N/A",
			"tags": [
				"Patch",
				"Vendor Advisory"
			]
		}
	],
	"impact": {
		"baseMetricV3": {
			"cvssV3": {
				"version": "3.0",
				"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
				"attackVector": "NETWORK",
				"attackComplexity": "LOW",
				"privilegesRequired": "NONE",
				"userInteraction": "NONE",
				"scope": "UNCHANGED",
				"confidentialityImpact": "HIGH",
				"integrityImpact": "HIGH",
				"availabilityImpact": "NONE",
				"baseScore": 9.1,
				"baseSeverity": "CRITICAL"
			},
			"exploitabilityScore": 3.9,
			"impactScore": 5.2
		},
		"baseMetricV2": {
			"cvssV2": {
				"version": "2.0",
				"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
				"accessVector": "NETWORK",
				"accessComplexity": "LOW",
				"authentication": "NONE",
				"confidentialityImpact": "PARTIAL",
				"integrityImpact": "PARTIAL",
				"availabilityImpact": "NONE",
				"baseScore": 6.4
			},
			"severity": "MEDIUM",
			"exploitabilityScore": 10,
			"impactScore": 4.9,
			"acInsufInfo": false,
			"obtainAllPrivilege": false,
			"obtainUserPrivilege": false,
			"obtainOtherPrivilege": false,
			"userInteractionRequired": false
		}
	},
	"problem_type": "CWE-20"
}