CVE-2020-1497 — Sensitive Information Exposure in Microsoft 365 Apps FOR Enterprise

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

28.5%

top 3.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft 365 Apps FOR Enterprise Microsoft Excel 2010 Service Pack 2 Microsoft Excel 2013 Service Pack 1 +7 more

Timeline

PublishedAug 17

Latest updateMay 24

Description

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Excel …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

▶CVEListV5microsoft/microsoft_excel_201616.0.0.0 — publication

▶CVEListV5microsoft/microsoft_excel_2010_service_pack_213.0.0.0 — publication

▶CVEListV5microsoft/microsoft_excel_2013_service_pack_115.0.0.0 — publication

▶NVDmicrosoft/excel2010, 2013, 2016+2

▶CVEListV5microsoft/microsoft_office_201616.0.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-vf2x-qf2w-jf86: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information↗2022-05-24

▶

CVEList

Microsoft Excel Information Disclosure Vulnerability↗2020-08-17

▶

📋Vendor Advisories

Microsoft

Microsoft Excel Information Disclosure Vulnerability↗2020-08-11

▶

💬Community

Bugzilla

CVE-2019-15693 tigervnc: Heap buffer overflow in TightDecoder::FilterGradient↗2020-01-13

▶