Detections
Analytics
Security Updates for Microsoft Excel Products (February 2019)
medium Nessus Plugin ID 122128
Language:
Synopsis
The Microsoft Excel Products are affected by multiple vulnerabilities.Description
The Microsoft Excel Products are missing security updates. They are, therefore, affected by multiple vulnerabilities :- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
(CVE-2019-0669)
Solution
Microsoft has released the following security updates to address this issue:-KB4462186
-KB4461597
-KB4462115
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
See Also
http://www.nessus.org/u?a6dc97e9
http://www.nessus.org/u?c4275854
http://www.nessus.org/u?3562e53f
http://www.nessus.org/u?c6fc9b1b
Plugin Details
Severity: Medium
ID: 122128
File Name: smb_nt_ms19_feb_excel.nasl
Version: 1.11
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 2/12/2019
Updated: 6/10/2022
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2019-0669
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:excel
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 2/12/2019
Vulnerability Publication Date: 2/12/2019
Reference Information
CVE: CVE-2019-0669
BID: 106897