CVE-2019-1297
Published: 11 September 2019
Summary
CVE-2019-1297 is a high-severity vulnerability in Microsoft Excel whose underlying weakness type is unspecified. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 2.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. The flaw affects Microsoft Excel and carries a CVSS 3.1 base score of 8.8, reflecting a network attack vector, low attack complexity, no required privileges, and required user interaction (the victim must open the document).
An attacker can exploit the issue by supplying a specially crafted Excel document that triggers the memory-handling flaw, resulting in arbitrary code execution with the privileges of the current user and full impact on confidentiality, integrity, and availability.
Microsoft security advisories referenced by the CVE provide patch information and mitigation guidance, while the CISA Known Exploited Vulnerabilities catalog confirms that the vulnerability has been leveraged in real-world attacks.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-9862
Vulnerability details
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
- CWE(s):
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely application of vendor patches that eliminate the memory-handling flaw in Excel before a crafted document can be exploited.
- SI-3 (Malicious Code Protection): deploys malicious-code detection mechanisms that can identify and block specially crafted Excel files attempting to trigger the RCE.
- AC-6 (Least Privilege): limits the privileges available to Excel, reducing the impact of arbitrary code execution even if the memory flaw is successfully triggered.