CVE-2020-1322

CWE-125 — Out-of-bounds Read CWE-908 — Use of Uninitialized Resource CWE-200 — Information Exposure4 documents4 sources

Severity

6.5MEDIUM

EPSS

25.1%

top 3.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft 365 Apps FOR Enterprise FOR 32-bit Systems Microsoft Microsoft 365 Apps FOR Enterprise FOR 64-bit Systems Microsoft Microsoft Office +3 more

Timeline

PublishedJun 9

Latest updateMay 24

Description

An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶NVDmicrosoft/project2010, 2013, 2016+2

▶CVEListV5microsoft/microsoft_project6 versions+5

▶NVDmicrosoft/office2019

▶CVEListV5microsoft/microsoft_office2019 for 32-bit editions, 2019 for 64-bit editions+1

▶CVEListV5microsoft/microsoft_365_apps_for_enterprise_for_32-bit_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-ch6w-869j-m5qj: An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Proje↗2022-05-24

▶

CVEList

CVE-2020-1322: An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Proje↗2020-06-09

▶

📋Vendor Advisories

Microsoft

Microsoft Project Information Disclosure Vulnerability↗2020-06-09

▶