5.5

CVE-2020-1497

EPSS 25.76%
Published 17.08.2020 19:15:16
Last modified 21.11.2024 05:10:41
Source secure@microsoft.com
Teams watchlist Login
Open Login

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise

Microsoft ≫ Excel Version2010 Updatesp2

Microsoft ≫ Excel Version2013 Updatesp1

Microsoft ≫ Excel Version2013 Updatesp1 SwEditionrt

Microsoft ≫ Excel Version2016

Microsoft ≫ Office Version2010 Updatesp2

Microsoft ≫ Office Version2013 Updatesp1

Microsoft ≫ Office Version2013 Updatesp1 SwEditionrt

Microsoft ≫ Office Version2016

Microsoft ≫ Office Version2019 SwPlatform-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	25.76%	0.96

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1497

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1497

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1497

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1497

EUVD