Vulnerability Details CVE-2019-1449
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.062
EPSS Ranking 90.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2019-1449
-
cpe:2.3:a:microsoft:office:2019
-
cpe:2.3:a:microsoft:office_365_proplus:-