Improper Input Validation

CVE-2019-1109

High

9.1/10

Summary

A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

Advisory Timeline

Published Jul 15, 2019

Improper Input Validation

CVE-2019-1109

Summary

CWE-20 - Improper Input Validation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS