5.5
CVE-2020-1503
- EPSS 25.76%
- Veröffentlicht 17.08.2020 19:15:16
- Zuletzt bearbeitet 21.11.2024 05:10:42
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Office Online Server Version-
Microsoft ≫ Office Web Apps Version2010 Updatesp2
Microsoft ≫ Office Web Apps Version2013 Updatesp1
Microsoft ≫ Sharepoint Enterprise Server Version2013 Updatesp1
Microsoft ≫ Sharepoint Enterprise Server Version2016
Microsoft ≫ Sharepoint Server Version2010 Updatesp2
Microsoft ≫ Sharepoint Server Version2019
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 25.76% | 0.96 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|