CVE-2020-1493

Опубликовано: 17 авг. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Средний

Описание

An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

Ссылки

http://packetstormsecurity.com/files/169960/Microsoft-Outlook-2019-16.0.12624.20424-Out-Of-Bounds-Read.html
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493
Patch
Vendor Advisory
http://packetstormsecurity.com/files/169960/Microsoft-Outlook-2019-16.0.12624.20424-Out-Of-Bounds-Read.html
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*

cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*

cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*

cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.30325

Средний

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

CWE-922

Связанные уязвимости

CVE-2020-1493

msrc

больше 5 лет назад

Microsoft Outlook Information Disclosure Vulnerability

GHSA-w39r-2vjm-hgjq

CVSS3: 5.5

github

больше 3 лет назад

An information disclosure vulnerability exists when attaching files to Outlook messages, aka 'Microsoft Outlook Information Disclosure Vulnerability'.

BDU:2020-04156

CVSS3: 4.3

fstec