CVE-2020-1224

CWE-200Information Exposure5 documents5 sources
Severity
5.5MEDIUM
EPSS
25.0%
top 3.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Microsoft Microsoft 365 Apps FOR EnterpriseMicrosoft Microsoft Excel 2010 Service Pack 2Microsoft Microsoft Excel 2013 Service Pack 1+11 more
Timeline
PublishedSep 11
Latest updateMay 24

Description

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Excel

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages14 packages

CVEListV5microsoft/microsoft_excel_201616.0.0.0publication
CVEListV5microsoft/microsoft_excel_2010_service_pack_213.0.0.0publication
CVEListV5microsoft/microsoft_excel_2013_service_pack_115.0.0.0publication
NVDmicrosoft/excel2010, 2013, 2016+2
CVEListV5microsoft/microsoft_office_201919.0.0https://aka.ms/OfficeSecurityReleases

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-rh7x-98m6-6q46: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information2022-05-24
CVEList
Microsoft Excel Information Disclosure Vulnerability2020-09-11

📋Vendor Advisories

1
Microsoft
Microsoft Excel Information Disclosure Vulnerability2020-09-08

💬Community

1
Bugzilla
CVE-2018-16328 ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c2018-09-03