Strike ID:
E19-0rtk1
CVSS:
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
30
Year:
2019

Description

This strike exploits an Use-After-Free vulnerability in the Excel component of Microsoft Office. The vulnerability is due to improper handling of XML elements by the MSO.DLL library. The vulnerability can be exploited by crafting a malicious XML file and enticing a user to download and open it. Successful exploitation may result in execution of arbitrary code with user privileges.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}