7.5

CVE-2020-16949

Microsoft Outlook Denial of Service Vulnerability

<p>A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.</p>
<p>Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.</p>
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 Version-
MicrosoftWindows 10 Version1607
MicrosoftWindows 10 Version1709
MicrosoftWindows 10 Version1803
MicrosoftWindows 10 Version1809
MicrosoftWindows 10 Version1903
MicrosoftWindows 10 Version1909
MicrosoftWindows 10 Version2004
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
MicrosoftWindows Server 2016 Version1903
MicrosoftWindows Server 2016 Version1909
MicrosoftWindows Server 2016 Version2004
Microsoft365 Apps Version- SwEditionenterprise
MicrosoftOffice Version2019 SwPlatform-
MicrosoftOutlook Version2010 Updatesp2
MicrosoftOutlook Version2013 Updatesp1
MicrosoftOutlook Version2013 Updatesp1 SwEditionrt
MicrosoftOutlook Version2016
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.75% 0.843
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
secure@microsoft.com 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949
Patch
Vendor Advisory