Remote Code Execution Vulnerability in Microsoft Excel by Microsoft
CVE-2020-0979

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Office 365 Proplus
Vendor: CVE Published:; 15 April 2020

Summary

A vulnerability in Microsoft Excel allows for remote code execution when the software fails to properly manage objects in memory. An attacker could exploit this issue by crafting a malicious document that could execute arbitrary code on the victim's system once opened. The compromised system may allow the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Users are advised to apply the latest updates from Microsoft to mitigate this security risk.

Affected Version(s)

Office 365 ProPlus 32-bit Systems

Office 365 ProPlus 64-bit Systems

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Nov 4, 2019