CVE-2020-16855

EPSS 19.87%
Veröffentlicht 11.09.2020 17:15:16
Zuletzt bearbeitet 21.11.2024 05:07:16
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

<p>An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.</p>
<p>The security update addresses the vulnerability by properly initializing the affected variable.</p>

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Office Version2016 SwPlatformmacos

Microsoft ≫ Office Version2019 SwPlatformmacos

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	19.87%	0.953

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
secure@microsoft.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16855

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-16855

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-16855

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-16855

EUVD