Cyber Resilience

CVE-2019-1297

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 11 September 2019
Modified: 29 October 2025
KEV Added: 03 March 2022
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.4068 (97.5th percentile)
Risk Priority: 62 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-1297 is a high-severity vulnerability in Microsoft Excel whose underlying weakness type is unspecified (no CWE is assigned). Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 2.5% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. The flaw affects Microsoft Excel and carries a CVSS 3.1 base score of 8.8, reflecting network attack vector, low attack complexity, no required privileges, and required user interaction.

An attacker can exploit the issue by supplying a specially crafted Excel document that triggers the memory-handling flaw, resulting in arbitrary code execution with the privileges of the current user and full impact on confidentiality, integrity, and availability.

Microsoft security advisories referenced by the CVE provide patch information and mitigation guidance, while the CISA Known Exploited Vulnerabilities catalog confirms that the vulnerability has been leveraged in real-world attacks.

EU & UK References

Vulnerability details

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

CWE(s): none listed
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft excel: 2010, 2013, 2016
microsoft office: 2016, 2019
microsoft office 365 proplus: all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-2 Flaw Remediation): Directly requires timely application of vendor patches that eliminate the memory-handling flaw in Excel before a crafted document can be exploited.

Prevent / Detect: Deploys malicious-code detection mechanisms that can identify and block specially crafted Excel files attempting to trigger the RCE.

Prevent (AC-6 Least Privilege): Limits the privileges available to Excel, reducing the impact of arbitrary code execution even if the memory flaw is successfully triggered.

References