Microsoft · Office Word · CVE-2019-0561
Name of the Vulnerable Software and Affected Versions:
Microsoft Word versions (affected versions not specified)
Office 365 ProPlus versions (affected versions not specified)
Microsoft Office versions (affected versions not specified)
Description:
An information disclosure issue exists due to improper use of Microsoft Word macro buttons. This could allow a remote attacker to read arbitrary files by crafting a special document file and convincing the user to open it. The attacker must know the location of the file they wish to access.
Recommendations:
For Microsoft Word, consider disabling the use of macro buttons until a fix is available.
For Office 365 ProPlus, restrict access to sensitive files that could be accessed through this vulnerability.
For Microsoft Office, avoid opening specially crafted document files from untrusted sources.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.