E19-0rtk1
CVSS:
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
30
Year:
2019
Description
This strike exploits an Use-After-Free vulnerability in the Excel component of Microsoft Office. The vulnerability is due to improper handling of XML elements by the MSO.DLL library. The vulnerability can be exploited by crafting a malicious XML file and enticing a user to download and open it. Successful exploitation may result in execution of arbitrary code with user privileges.
CVE
References
MSB
BID
ExploitDB
Secunia
Security Tracker
Metasploit
ZDI
OSVDB
{}