CVE-2020-1338 Microsoft Word Remote Code Execution Vulnerability

🗓️ 11 Sep 2020 17:09:15Reported by microsoftType

Microsoft Word Remote Code Execution Vulnerabilit

Reporter	Title	Published	Views	Family All 28
Information Security Automation	Microsoft Patch Tuesday September 2020: Zerologon and other exploits, RCEs in SharePoint and Exchange	30 Sep 202023:46	–	avleonov
BDU FSTEC	The vulnerability of Microsoft Office packages, Microsoft Office Online Server, and Microsoft SharePoint Server lies in memory object processing errors, which allow attackers to gain unauthorized access to protected information.	24 Sep 202000:00	–	bdu_fstec
CNVD	Microsoft Word Remote Code Execution Vulnerability (CNVD-2021-08823)	26 Oct 202000:00	–	cnvd
CVE	CVE-2020-1338	11 Sep 202017:09	–	cve
EUVD	EUVD-2020-12215	11 Sep 202017:09	–	euvd
Microsoft KB	Description of the security update for Office Online Server: September 8, 2020	8 Sep 202007:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Server 2019 Language Pack: September 8, 2020	8 Sep 202007:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Server 2019: September 8, 2020	8 Sep 202007:00	–	mskb
Kaspersky	KLA11950 Multiple vulnerabilities in Microsoft Office	8 Sep 202000:00	–	kaspersky
Microsoft CVE	Microsoft Word Remote Code Execution Vulnerability	8 Sep 202007:00	–	mscve

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Server 2019",
    "cpes": [
      "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office 2019",
    "cpes": [
      "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "19.0.0",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office 2019 for Mac",
    "cpes": [
      "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office Online Server",
    "cpes": [
      "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "16.0.1",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft 365 Apps for Enterprise",
    "cpes": [
      "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.1",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office 2016 for Mac",
    "cpes": [
      "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1338

31 Dec 2023 21:34Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.8

EPSS0.03665