CVE-2019-1448

Name of the Vulnerable Software and Affected Versions Microsoft Excel (affected versions not specified) Office (affected versions not specified) Office 365 (affected versions not specified)

Description A remote code execution issue exists due to the software's failure to properly handle objects in memory or insufficient input validation. This could allow a remote attacker to execute arbitrary code by using a specially crafted file. If the attacker successfully exploits the issue, they could run code in the context of the current user. The impact varies based on the user's rights, with administrative users being more vulnerable. The attacker could potentially install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Excel, consider avoiding the use of specially crafted files until a fix is available. For Office, restrict access to potentially vulnerable components to minimize the risk of exploitation. For Office 365, as a temporary workaround, consider disabling the use of files that could trigger the vulnerability until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.