{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T04:32:45.519","vulnerabilities":[{"cve":{"id":"CVE-2019-1109","sourceIdentifier":"secure@microsoft.com","published":"2019-07-15T19:15:19.763","lastModified":"2024-11-21T04:36:02.137","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'."},{"lang":"es","value":"Existe una vulnerabilidad de suplantación de identidad cuando Microsoft Office Javascript no comprueba la validez de la página web que realiza una solicitud a documentos de Office. Un atacante que aprovechó esta vulnerabilidad podría leer o escribir información en documentos de Office. La actualización de seguridad subsana la vulnerabilidad al corregir la forma que Microsoft Office Javascript verifica las páginas web de confianza, también se conoce como 'Microsoft Office Spoofing Vulnerability'."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"120690A6-E0A1-4E36-A35A-C87109ECC064"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*","matchCriteriaId":"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*","matchCriteriaId":"E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","matchCriteriaId":"FF177984-A906-43FA-BF60-298133FBBD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_365:-:*:*:*:proplus:*:*:*","matchCriteriaId":"42B167E5-746F-457D-821D-42EF3E3CD8B7"}]}]}],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1109","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1109","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}