Lucene search
RgodZDI-19-358HistoryApr 15, 2019 - 12:00 a.m.
Microsoft Office Protocol Handler Directory Traversal File Creation Vulnerability
2019-04-1500:00:00
rgod
www.zerodayinitiative.com
26
EPSS
0.033
Percentile
91.4%
This vulnerability allows remote attackers to create files in arbitrary locations on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of URL protocol handlers for various types of Office documents. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a file in the context of the current user.
Related
mskb
mskb
Description of the security update for Office 2016: April 9, 2019
2019-04-09 07:00:00
Description of the security update for Office 2013: April 9, 2019
2019-04-09 07:00:00
Description of the security update for Office 2010: April 9, 2019
2019-04-09 07:00:00
prion
prion
Remote code execution
2019-04-09 21:29:00
cve
cve
CVE-2019-0801
2019-04-09 21:29:00
openvas
openvas
checkpoint_advisories
checkpoint_advisories
Microsoft Office Remote Code Execution (CVE-2019-0801)
2019-04-09 00:00:00
cvelist
cvelist
CVE-2019-0801
2019-04-09 20:15:28
nvd
nvd
CVE-2019-0801
2019-04-09 21:29:00
mscve
mscve
Office Remote Code Execution Vulnerability
2019-04-09 07:00:00
symantec
symantec
Microsoft Office CVE-2019-0801 Remote Code Execution Vulnerability
2019-04-09 00:00:00
nessus
nessus
Security Updates for Microsoft Office Products C2R (April 2019)
2022-06-10 00:00:00
Security Updates for Microsoft Office Products (April 2019)
2019-04-09 00:00:00
kaspersky
kaspersky
KLA11461 Multiple vulnerabilities in Microsoft Office
2019-04-09 00:00:00
talosblog
talosblog