PT-2020-2253 · Microsoft · Office+1

Published 2020-04-14 · Updated 2021-07-21 · CVE-2020-0991

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office (affected versions not specified)
Microsoft Office 365 (affected versions not specified)

Description

A remote code execution issue exists in Microsoft Office software due to improper handling of objects in memory. This allows a remote attacker to execute arbitrary code. If the current user has administrative rights, the attacker could gain control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. The exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office.

Recommendations

For Microsoft Office, update to a version that properly handles objects in memory to prevent remote code execution.
For Microsoft Office 365, update to a version that properly handles objects in memory to prevent remote code execution.
As a temporary workaround, consider restricting access to specially crafted files until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2020-02189
CVE-2020-0991

Affected Products

Office
Office 365