CVE-2020-0696

4 documents4 sources

Severity

6.5MEDIUM

EPSS

3.6%

top 12.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Office Microsoft Microsoft Outlook Microsoft Office 365 Proplus +2 more

Timeline

PublishedFeb 11

Latest updateMay 24

Description

A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶NVDmicrosoft/outlook2010, 2013, 2016+2

▶CVEListV5microsoft/microsoft_outlook7 versions+6

▶NVDmicrosoft/office2019

▶CVEListV5microsoft/microsoft_office2019 for 32-bit editions, 2019 for 64-bit editions+1

▶CVEListV5microsoft/office_365_proplus32-bit Systems, 64-bit Systems+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-fjxj-rf74-7qr4: A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Out↗2022-05-24

▶

CVEList

CVE-2020-0696: A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Out↗2020-02-11

▶

📋Vendor Advisories

Microsoft

Microsoft Outlook Security Feature Bypass Vulnerability↗2020-02-11

▶