PT-2019-4177 · Microsoft · Office Powerpoint
Jaanus Kp · Published 2019-12-10 · Updated 2020-08-24 · CVE-2019-1462
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft PowerPoint versions (affected versions not specified)
Microsoft Office versions (affected versions not specified)
Microsoft Office 365 versions (affected versions not specified)
Description
A remote code execution issue exists in Microsoft PowerPoint software due to improper handling of objects in memory. This could allow a remote attacker to execute arbitrary code by using a specially crafted file or web page. If the current user has administrative rights, the attacker could gain control of the system, install programs, view or modify data, or create new accounts with full rights. Users with limited rights may be less affected. The exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office PowerPoint.
Recommendations
For Microsoft PowerPoint, update to a version that properly handles objects in memory to prevent remote code execution.
For Microsoft Office, consider disabling the ability to open specially crafted files until a patch is available.
For Microsoft Office 365, restrict access to potentially vulnerable components of the software until a fix is applied.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Use of Uninitialized Resource
Related Identifiers
Affected Products
Office
Office 365
Office Powerpoint