Information Disclosure Vulnerability in Microsoft Project
CVE-2020-1322

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Project; Microsoft Office; Microsoft 365 Apps For Enterprise For 64-bit Systems; Microsoft 365 Apps For Enterprise For 32-bit Systems
Vendor: CVE Published:; 9 June 2020

Summary

An information disclosure vulnerability occurs when Microsoft Project improperly accesses out-of-bounds memory due to an uninitialized variable. This flaw may allow an attacker to access sensitive information that should not be disclosed, potentially compromising user privacy and data security. Keeping Microsoft Project updated is essential to mitigate this issue and protect sensitive project information.

Affected Version(s)

Microsoft 365 Apps for Enterprise for 32-bit Systems = unspecified

Microsoft 365 Apps for Enterprise for 64-bit Systems = unspecified

Microsoft Office 2019 for 32-bit editions

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2020
Vulnerability Reserved
Nov 4, 2019