CVE-2020-1502

Опубликовано: 17 авг. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Средний

Описание

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1502
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1502
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*

cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*

cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.22521

Средний

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-1502

msrc

около 5 лет назад

Microsoft Word Information Disclosure Vulnerability

GHSA-22pr-mvmh-vgg5

CVSS3: 5.5

github

больше 3 лет назад

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1503, CVE-2020-1583.

BDU:2020-04181

CVSS3: 5

fstec