Remote Code Execution Vulnerability in Microsoft Project Software
CVE-2020-1449
7.8HIGH
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 14 July 2020
What is CVE-2020-1449?
This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting the improper validation of source markup in files handled by Microsoft Project software. By crafting a specially designed file and tricking the user into opening it, an attacker can gain unauthorized control over the affected system. This situation makes unpatched systems at a significant risk of compromise.
Affected Version(s)
Microsoft 365 Apps for Enterprise for 32-bit Systems = unspecified
Microsoft 365 Apps for Enterprise for 64-bit Systems = unspecified
Microsoft Office 2019 for 32-bit editions