CVE-2020-1503

CWE-200Information Exposure4 documents4 sources
Severity
5.5MEDIUM
EPSS
27.3%
top 3.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
Microsoft Microsoft 365 Apps FOR EnterpriseMicrosoft Microsoft Office 2010 Service Pack 2Microsoft Microsoft Office 2016 FOR MAC+17 more
Timeline
PublishedAug 17
Latest updateMay 24

Description

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Word fu

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages20 packages

CVEListV5microsoft/microsoft_word_201616.0.1publication
CVEListV5microsoft/microsoft_word_2010_service_pack_213.0.0.0publication
CVEListV5microsoft/microsoft_word_2013_service_pack_115.0.1publication
NVDmicrosoft/word2010, 2013, 2016+2
CVEListV5microsoft/microsoft_office_201919.0.0https://aka.ms/OfficeSecurityReleases

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-vfx9-2vhh-x45q: An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Di2022-05-24
CVEList
Microsoft Word Information Disclosure Vulnerability2020-08-17

📋Vendor Advisories

1
Microsoft
Microsoft Word Information Disclosure Vulnerability2020-08-11