Lucene search

[email protected]CVE-2020-1583

HistoryAug 17, 2020 - 7:15 p.m.

CVE-2020-1583

2020-08-1719:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

microsoft word

information disclosure

cve-2020-1583

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.231 Low

EPSS

Percentile

96.5%

JSON

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.

VendorProductVersionCPE
microsoftmicrosoft_sharepoint_enterprise_server_201616.0.0cpe:2.3:a:microsoft:microsoft_sharepoint_enterprise_server_2016:16.0.0:*:*:*:*:*:*:*
microsoftmicrosoft_sharepoint_enterprise_server_2013_sp115.0.0cpe:2.3:a:microsoft:microsoft_sharepoint_enterprise_server_2013_sp1:15.0.0:sp1:*:*:*:*:*:*
microsoftmicrosoft_sharepoint_server_201916.0.0cpe:2.3:a:microsoft:microsoft_sharepoint_server_2019:16.0.0:*:*:*:*:*:*:*
microsoftmicrosoft_office_201919.0.0cpe:2.3:a:microsoft:microsoft_office_2019:19.0.0:*:*:*:*:*:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:mac:*:*
microsoftoffice_online_server16.0.1cpe:2.3:a:microsoft:office_online_server:16.0.1:*:*:*:*:*:*:*
microsoft365_apps16.0.1cpe:2.3:a:microsoft:365_apps:16.0.1:*:*:*:*:*:*:*
microsoftmicrosoft_word_201616.0.1cpe:2.3:a:microsoft:microsoft_word_2016:16.0.1:*:*:*:*:*:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:mac:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:service:*:*:*

Vendor	Product	Version	CPE
microsoft	microsoft_sharepoint_enterprise_server_2016	16.0.0	cpe:2.3:a:microsoft:microsoft_sharepoint_enterprise_server_2016:16.0.0:::::::*
microsoft	microsoft_sharepoint_enterprise_server_2013_sp1	15.0.0	cpe:2.3:a:microsoft:microsoft_sharepoint_enterprise_server_2013_sp1:15.0.0:sp1::::::
microsoft	microsoft_sharepoint_server_2019	16.0.0	cpe:2.3:a:microsoft:microsoft_sharepoint_server_2019:16.0.0:::::::*
microsoft	microsoft_office_2019	19.0.0	cpe:2.3:a:microsoft:microsoft_office_2019:19.0.0:::::::*
microsoft	office	*	cpe:2.3:a:microsoft:office::::::mac::*
microsoft	office_online_server	16.0.1	cpe:2.3:a:microsoft:office_online_server:16.0.1:::::::*
microsoft	365_apps	16.0.1	cpe:2.3:a:microsoft:365_apps:16.0.1:::::::*
microsoft	microsoft_word_2016	16.0.1	cpe:2.3:a:microsoft:microsoft_word_2016:16.0.1:::::::*
microsoft	office	*	cpe:2.3:a:microsoft:office::::::mac::*
microsoft	office	*	cpe:2.3:a:microsoft:office:::::service:::*

Rows per page:

1-10 of 161

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1583

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.231 Low

EPSS

Percentile

96.5%

JSON

Related for CVE-2020-1583

mscve1 prion1 mskb13 nessus10 kaspersky1 avleonov1