CVE-2020-1502

EPSS 22.52%
Veröffentlicht 17.08.2020 19:15:16
Zuletzt bearbeitet 21.11.2024 05:10:42
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise

Microsoft ≫ Office Version2019 SwPlatform-

Microsoft ≫ Office Online Server Version-

Microsoft ≫ Sharepoint Server Version2019

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	22.52%	0.956

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1502

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1502

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1502

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1502

EUVD