CVE-2020-16855

CWE-125Out-of-bounds ReadCWE-908Use of Uninitialized Resource4 documents4 sources
Severity
5.5MEDIUM
EPSS
19.9%
top 4.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Microsoft Office 2016 FOR MACMicrosoft Microsoft Office 2019 FOR MACMicrosoft Office
Timeline
PublishedSep 11
Latest updateMay 24

Description

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by properly initializing the affected va

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5microsoft/microsoft_office_2016_for_mac16.0.0publication
CVEListV5microsoft/microsoft_office_2019_for_mac16.0.0publication
NVDmicrosoft/office2016, 2019+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-gwjj-xwgr-2v6f: An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could2022-05-24
CVEList
Microsoft Office Information Disclosure Vulnerability2020-09-11

📋Vendor Advisories

1
Microsoft
Microsoft Office Information Disclosure Vulnerability2020-09-08