PT-2020-2922 · Microsoft · Word For Android

Fatal0

Published

2020-06-09

Updated

2021-07-21

CVE-2020-1223

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Word for Android (affected versions not specified)

Description The issue is related to insufficient input validation in Microsoft Word for Android, which can be exploited by a remote attacker to execute arbitrary code. To exploit the issue, an attacker would need to convince a user to open a specially crafted URL file. The exploitation allows for remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2020-03079

CVE-2020-1223

Affected Products

Word For Android

PT-2020-2922 · Microsoft · Word For Android

CVE-2020-1223

Weakness Enumeration

Related Identifiers

Affected Products

References · 3