CVE-2020-1240
published 2020-07-14CVE-2020-1240: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel…
PriorityP355high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
13.82%
96.1th percentile
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_365_apps_for_enterprise_for_32-bit_systems | — | — |
| microsoft | microsoft_365_apps_for_enterprise_for_64-bit_systems | — | — |
| msrc | microsoft_365_apps_for_enterprise_for_32-bit_systems | — | — |
| msrc | microsoft_365_apps_for_enterprise_for_64-bit_systems | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Attack vector requires a user to open a specially crafted Microsoft Excel file; the Preview Pane is NOT an attack vector, so detection should focus on file-open events rather than preview actions. ↗
- →In email-based delivery scenarios, monitor for Excel file attachments sent to users combined with social engineering lures, followed by Excel process spawning child processes or unusual memory operations. ↗
- →In web-based delivery scenarios, monitor for Excel files downloaded from websites (including compromised sites hosting user-provided content) and subsequently opened by the user. ↗
- →Successful exploitation results in arbitrary code execution in the context of the current user; monitor Excel (EXCEL.EXE) for anomalous child process creation, network connections, or privilege escalation activity post file-open. ↗
- ·As of the advisory publication, this vulnerability had NOT been publicly disclosed or exploited in the wild, reducing immediate threat urgency but not eliminating risk. ↗
- ·The vulnerability is rooted in improper handling of objects in memory within Microsoft Excel; detection rules targeting memory corruption or object mishandling in Office processes are relevant. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m734-gp7q-qvrx: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft
ghsa_unreviewed·2022-05-24
CVE-2020-1240 [HIGH] CWE-119 GHSA-m734-gp7q-qvrx: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
Microsoft
Microsoft Excel Remote Code Execution Vulnerability
vendor_msrc·2020-07-14·CVSS 8.8
CVE-2020-1240 [HIGH] Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerability requires that a user open a specially crafted file wit
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-07-14
Published