Microsoft Word Information Disclosure Vulnerability
CVE-2020-1503

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Sharepoint Enterprise Server 2016; Microsoft Sharepoint Enterprise Server 2013 Service Pack 1; Microsoft Sharepoint Server 2019; Microsoft Office 2019
Vendor: CVE Published:; 17 August 2020

Summary

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2010 Service Pack 2 32-bit Systems 13.0.0.0

Microsoft Office 2016 for Mac Unknown 16.0.0

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 17, 2020
Vulnerability Reserved
Nov 4, 2019

Collectors

NVD DatabaseMitre Database