PT-2019-1121 · Microsoft · Internet Explorer+4

Eduardo Braun Prado · Published 2019-01-08 · Updated 2025-10-29 · CVE-2019-0541

CVSS v2.0 · 9.3 · High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
Internet Explorer versions 9 through 11
Microsoft Office (affected versions not specified)
Microsoft Office Word Viewer (affected versions not specified)
Microsoft Excel Viewer (affected versions not specified)
Office 365 ProPlus (affected versions not specified)

Description: A remote code execution issue exists due to the MSHTML engine's improper validation of input. This could allow a remote attacker to execute arbitrary code in the context of the current user. If the current user has administrative rights, the attacker could gain control of the system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.
Recommendations: For Internet Explorer versions 9 through 11, update to a version that includes the fix for this issue. For Microsoft Office, apply the necessary security update to resolve the vulnerability. For Microsoft Office Word Viewer, Microsoft Excel Viewer, and Office 365 ProPlus, apply the relevant security patches to mitigate the risk. As a temporary workaround, consider restricting the use of the MSHTML engine until a patch is available. Avoid opening specially crafted files from untrusted sources to minimize the risk of exploitation.

Exploit

Fix

RCE

Command Injection

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2019-00147
CVE-2019-0541

Affected Products

Internet Explorer
Excel Viewer
Office
Office Word Viewer
Office 365 ProPlus