CVE-2019-0540

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
References
Configurations

Configuration 1

cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2013:*:*:*:rt:*:*:*
cpe:2.3:a:microsoft:powerpoint_viewer:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:excel_viewer:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*

Information

Published : 2019-03-05 11:29

Updated : 2020-08-24 05:37


NVD link : CVE-2019-0540

Mitre link : CVE-2019-0540

Products Affected
No products.
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')