CVE-2020-1223

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.8HIGH

EPSS

36.8%

top 2.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Word FOR Android

Timeline

PublishedJun 9

Latest updateMay 24

Description

A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file.The update addresses the vulnerability by correcting how Microsoft Word for Android handles specially crafted URL files., aka 'Word for Android Remote Code Execution Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5microsoft/microsoft_word_for_androidunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-jwch-v5xr-vmcf: A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files↗2022-05-24

▶

CVEList

CVE-2020-1223: A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files↗2020-06-09

▶

📋Vendor Advisories

Microsoft

Word for Android Remote Code Execution Vulnerability↗2020-06-09

▶