5.5

CVE-2020-1497

EPSS 25.76%
Veröffentlicht 17.08.2020 19:15:16
Zuletzt bearbeitet 21.11.2024 05:10:41
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise

Microsoft ≫ Excel Version2010 Updatesp2

Microsoft ≫ Excel Version2013 Updatesp1

Microsoft ≫ Excel Version2013 Updatesp1 SwEditionrt

Microsoft ≫ Excel Version2016

Microsoft ≫ Office Version2010 Updatesp2

Microsoft ≫ Office Version2013 Updatesp1

Microsoft ≫ Office Version2013 Updatesp1 SwEditionrt

Microsoft ≫ Office Version2016

Microsoft ≫ Office Version2019 SwPlatform-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	25.76%	0.96

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1497

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1497

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1497

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1497

EUVD