CVE-2020-16855

EPSS 19.87%
Published 11.09.2020 17:15:16
Last modified 21.11.2024 05:07:16
Source secure@microsoft.com
Teams watchlist Login
Open Login

<p>An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.</p>
<p>The security update addresses the vulnerability by properly initializing the affected variable.</p>

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Office Version2016 SwPlatformmacos

Microsoft ≫ Office Version2019 SwPlatformmacos

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	19.87%	0.953

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
secure@microsoft.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16855

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-16855

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-16855

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-16855

EUVD