What is CVE-2019-0540?

CVE-2019-0540 is a vulnerability in Microsoft Excel Viewer. Published 2019-03-06.

Is CVE-2019-0540 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Excel Viewer

CVE-2019-0540

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Fe…

EPSS: 0.222 (95.9th percentile) — read the EPSS interpretation.

Affected products

Microsoft Excel Viewer — versions unspecified
Microsoft Office — versions 2010 Service Pack 2 (32-bit editions), 2010 Service Pack 2 (64-bit editions), 2013 Service Pack 1 (32-bit editions)
Microsoft Office Compatibility Pack — versions Service Pack 3
Microsoft Powerpoint Viewer — versions unspecified
Microsoft Office 365 Proplus — versions 32-bit Systems, 64-bit Systems

Public proof-of-concept exploits

References

106863 (vdb-entry, x_refsource_BID)
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-0540?: CVE-2019-0540 is a vulnerability in Microsoft Excel Viewer. Published 2019-03-06.
Is CVE-2019-0540 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.