PT-2019-3904 · Microsoft · Sharepoint Server+4
Scott Brothers · Published 2019-11-12 · Updated 2024-02-13
CVE-2019-1446
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Excel versions prior to the fixed version
Microsoft Office versions prior to the fixed version
Microsoft Office 365 versions prior to the fixed version
Microsoft SharePoint Enterprise Server versions prior to the fixed version
Microsoft Office Online Server versions prior to the fixed version
Description
The issue is related to an information disclosure vulnerability that occurs when Microsoft Excel improperly discloses the contents of its memory. This could allow a remote attacker to gain unauthorized access to protected information. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. The attacker must know the memory address location where the object was created. This information could be used to compromise the user's computer or data.
Recommendations
For Microsoft Excel, update to a version that includes the fix for this issue.
For Microsoft Office, update to a version that includes the fix for this issue.
For Microsoft Office 365, update to a version that includes the fix for this issue.
For Microsoft SharePoint Enterprise Server, update to a version that includes the fix for this issue.
For Microsoft Office Online Server, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the opening of specially crafted document files until a patch is available.
Fix
Information Disclosure
Out of bounds Read
Related Identifiers
Affected Products
Office Excel
Office
Office 365
Office Online Server
Sharepoint Server