What is CVE-2019-1448?

CVE-2019-1448 is a vulnerability in Microsoft Excel. Published 2019-11-12.

Is CVE-2019-1448 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Excel

CVE-2019-1448

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

EPSS: 0.380 (97.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Excel — versions 2010 Service Pack 2 (32-bit editions), 2010 Service Pack 2 (64-bit editions), 2013 Service Pack 1 (32-bit editions)
Microsoft Office — versions 2016 for Mac, 2019 for 32-bit editions, 2019 for 64-bit editions
Microsoft Office 365 Proplus — versions 32-bit Systems, 64-bit Systems

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1448 (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-1448?: CVE-2019-1448 is a vulnerability in Microsoft Excel. Published 2019-11-12.
Is CVE-2019-1448 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.