This vulnerability is being actively exploited via malicious Excel documents, which are sent via email or as attachments in social media posts, or distributed on malicious file-sharing sites. Exploitation of this vulnerability requires only that a user open a malicious Microsoft Excel document. Interestingly, CVE-2019-1273 does not apply to Excel 2003, Excel 2007, Excel 2010, or Excel 2013 for Mac. This means that the majority of Office installations are still vulnerable to this attack. Office versions before 2016 for Mac are not vulnerable to the CVE-2019-1273 attack vector. Click here for details on software versions and operating system requirements for installing and running Office.

Microsoft Excel CVE-2019-12224: Parsing Errors and Remote Code Execution

Microsoft Excel is an office suite of applications, including a spreadsheet application and a presentation application. The spreadsheet application is known as Microsoft Excel. The use of macros in Microsoft Excel was one of the main reasons that it became so popular.
To avoid the risk associated with macros (so called macro viruses), users are encouraged to disable them using Microsoft Office Professional Plus 2013 or newer versions of Microsoft Office for Windows or Mac. It has been reported that macros can be disabled by running the following command in a Command Prompt prompt:
"C:\Program Files\Microsoft Office\Office15\EXCEL.exe" /macrooff
However, if the user has not disabled their macros, malicious actors could run arbitrary code during parsing errors in Microsoft Excel 2007, 2010 and 2013 for Mac. This vulnerability does not apply to Microsoft Excel 2003 or earlier versions on Windows or Mac.

CVE-2019-1274

This vulnerability could be exploited by malicious Microsoft Office documents to allow a remote code execution attack. In order to exploit this vulnerability, an attacker would need to send a malicious Word document or an Excel file to the user via email. Exploitation of this vulnerability requires that a user open the document with one of these applications and allow macros in the application to run.

CVE-2019-1273: Word Processors Do Not Handle RTF Files Correctly

There is a new vulnerability of note that affects Microsoft Word. CVE-2019-1273 is an RTF file parsing vulnerability in Office 2003 and earlier for Windows. This vulnerability, if successfully exploited, would allow an attacker to execute arbitrary code on a victim’s computer by opening a malicious document.
See below for more information on this vulnerability and how it operates:
"The .rtf file parser does not properly validate RTF objects in memory when handling specially crafted documents."
This means that any workstation these files are opened on could be infected with malware. The exploit vector for the CVE-2019-1273 attack is via email or network shares.

VBA Code Execution

VBA code execution is a very serious issue. VBA code can be found in most Microsoft Office applications and is used to create macros. As soon as the document has been opened, VBA code executes and can delete data, disable antivirus software, or delete critical files on the target PC.
Consider the following example of how VBA code might execute:

Dim objExcelApp As Object
objExcelApp = CreateObject("excel.application")
objExcelApp.Visible = True
objExcelApp.DisplayAlerts = True
objExcelApp.DisplayAlerts = False
objExcelApp.Activate
MsgBox "This is a message!"

Timeline

Published on: 11/09/2022 22:15:00 UTC
Last modified on: 11/10/2022 00:33:00 UTC

References