CVE-2019-1297

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka...

Basic Information

CVE State: PUBLISHED
Reserved Date: November 26, 2018
Published Date: September 11, 2019
Last Updated: July 30, 2025
Vendor: Microsoft
Product: Microsoft Excel, Microsoft Office, Office 365 ProPlus
Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
Tags

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2022-03-03 00:00:00 UTC) Source

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1297

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-03 00:00:00 UTC

Timeline

CVE ID Reserved

November 26, 2018
CVE Published to Public

September 11, 2019
Added to KEVIntel

March 03, 2022