Security Updates for Microsoft Project (September 2019)
Medium Nessus Plugin ID 128686
SynopsisThe Microsoft Project installation on the remote host is missing a security update.
DescriptionThe Microsoft Project installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :
- A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file and interact with the document by clicking a specific cell.
The update addresses the vulnerability by correcting how Microsoft Office handles input. (CVE-2019-1264)
SolutionMicrosoft has released the following security updates to address this issue: