The vulnerability of Microsoft Office and Microsoft Excel packages lies in memory object processing errors, which allow attackers to exploit these vulnerabilities to disclose sensitive information.

🗓️ 22 Sep 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 6 Views

Office and Excel memory handling errors allow disclosure of sensitive information via a crafted document.

Reporter	Title	Published	Views	Family All 34
Information Security Automation	Microsoft Patch Tuesday September 2020: Zerologon and other exploits, RCEs in SharePoint and Exchange	30 Sep 202023:46	–	avleonov
CNVD	Microsoft Excel Information Disclosure Vulnerability (CNVD-2020-59752)	26 Oct 202000:00	–	cnvd
CVE	CVE-2020-1224	11 Sep 202017:09	–	cve
Cvelist	CVE-2020-1224 Microsoft Excel Information Disclosure Vulnerability	11 Sep 202017:09	–	cvelist
Microsoft KB	Description of the security update for Office Online Server: September 8, 2020	8 Sep 202007:00	–	mskb
Microsoft KB	Description of the security update for Excel 2016: September 8, 2020	8 Sep 202007:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Enterprise Server 2013: September 8, 2020	8 Sep 202007:00	–	mskb
Microsoft KB	Description of the security update for Office Web Apps Server 2013: September 8, 2020	8 Sep 202007:00	–	mskb
Microsoft KB	Description of the security update for Excel 2013: September 8, 2020	8 Sep 202007:00	–	mskb
Microsoft KB	Description of the security update for Excel 2010: September 8, 2020	8 Sep 202007:00	–	mskb

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-1224
web	www.web.nvd.nist.gov/view/vuln/detail

22 Sep 2020 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 24.7

CVSS 35.5

EPSS0.04352

Microsoft Office Excel Memory handling errors Information disclosure Crafted document