CVE-2020-0651Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Excel

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
7.8HIGHNVD
EPSS
33.7%
top 3.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft ExcelMicrosoft OfficeMicrosoft Office 365 Proplus+1 more
Timeline
PublishedJan 14
Latest updateMay 24

Description

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDmicrosoft/excel4 versions+3
CVEListV5microsoft/microsoft_excel7 versions+6
CVEListV5microsoft/microsoft_office4 versions+3
CVEListV5microsoft/office_365_proplus32-bit Systems, 64-bit Systems+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-96gm-5h9x-p3j9: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft2022-05-24
CVEList
CVE-2020-0651: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft2020-01-14
VulnCheck
Microsoft Excel Remote Code Execution2020

📋Vendor Advisories

1
Microsoft
Microsoft Excel Remote Code Execution Vulnerability2020-01-14
CVE-2020-0651 — Microsoft Excel vulnerability | cvebase