6.4
CVSSv2

CVE-2019-1109

Published: 15/07/2019 Updated: 19/07/2019
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Microsoft Office could allow a remote malicious user to conduct spoofing attacks, caused by improper validation of requests made to Office documents by the Javascript component. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to spoof user to read or write information in Office documents.

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftOffice2013, 2016, 2019
MicrosoftOffice 365-

Recent Articles

Microsoft Patch Tuesday – July 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 10 Jul 2019

This month the vendor has patched 77 vulnerabilities, 16 of which are rated Critical.

Posted: 10 Jul, 201922 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – July 2019This month the vendor has patched 77 vulnerabilities, 16 of which are rated Critical.As always, customers are advised to follow these security best practices:


Install vendor patches as soon as they are available.
Run all software with the least privileges required while still mainta...

Microsoft Releases July 2019 Office Updates With Security Fixes
BleepingComputer • Sergiu Gatlan • 09 Jul 2019

Microsoft released the July 2019 Office Updates today that bundle 20 security updates and 5 cumulative updates. Seeing that some of the Microsoft Office security updates issued today also resolve critical vulnerabilities, it is strongly advised to install them as soon as possible.
Out of the 20 Office security updates released by Microsoft today, six of them fix remote code execution vulnerabilities (CVE-2019-1110 and CVE-2019-1111) within Office 2016, Office 2013, Office 2010, Excel 20...