CVE-2019-0541
Published: 08 January 2019
Summary
CVE-2019-0541 is a high-severity Command Injection (CWE-77) vulnerability in Microsoft Office. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 0.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A remote code execution vulnerability exists in the MSHTML engine due to improper input validation, tracked as CVE-2019-0541 with CWE-77. It affects Microsoft Office, Office 365 ProPlus, Microsoft Office Word Viewer, Microsoft Excel Viewer, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The issue carries a CVSS 3.1 score of 8.8 reflecting network attack vector, low complexity, no required privileges, and required user interaction, with high impact on confidentiality, integrity, and availability.
An attacker can exploit the flaw by delivering specially crafted content over the network that triggers the vulnerable MSHTML engine in a user's browser or Office application. Successful exploitation allows remote code execution in the context of the current user, enabling arbitrary code to run, data to be accessed or modified, and system availability to be disrupted.
Microsoft has published an advisory at portal.msrc.microsoft.com detailing the issue and available updates. Public exploit code for the vulnerability has been posted to Exploit-DB, indicating that proof-of-concept attacks are readily accessible to potential adversaries.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-1313
Vulnerability details
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer,…
more
Internet Explorer 10, Office 365 ProPlus.
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of all input to the MSHTML engine, blocking the malformed content that triggers the RCE flaw.
Mandates timely application of Microsoft patches that remediate the MSHTML input-validation vulnerability before exploitation.
Deploys malicious-code detection mechanisms that can identify and block the specially crafted content used to exploit CVE-2019-0541.