Remote Code Execution Vulnerability in Microsoft Excel
CVE-2020-0653

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Office 365 Proplus
Vendor: CVE Published:; 14 January 2020

Summary

A vulnerability impacting Microsoft Excel allows remote code execution if an attacker tricks a user into opening a specially crafted Excel file. The vulnerability arises from improper handling of objects in memory, which could result in the execution of arbitrary code in the context of the user running the application. This poses significant risks, as it may lead to unauthorized access to sensitive information and system manipulation.

Affected Version(s)

Office 365 ProPlus 32-bit Systems

Office 365 ProPlus 64-bit Systems

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2020
Vulnerability Reserved
Nov 4, 2019