CVE-2020-1349

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft 365 Apps For Enterprise For 32-bit Systems; Microsoft 365 Apps For Enterprise For 64-bit Systems; Microsoft Office; Microsoft Outlook
Vendor: CVE Published:; 14 July 2020

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.

Affected Version(s)

Microsoft 365 Apps for Enterprise for 32-bit Systems = unspecified

Microsoft 365 Apps for Enterprise for 64-bit Systems = unspecified

Microsoft Office 2019 for 32-bit editions

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-1349
Created by 0neb1n

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

http://packetstormsecurity.com/files/169959/Microsoft-Out...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jul 28, 2020
👾
Exploit known to exist
Jul 28, 2020
Vulnerability published
Jul 14, 2020
Vulnerability Reserved
Nov 4, 2019

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)