CVE-2020-1446

Name of the Vulnerable Software and Affected Versions Microsoft Word (affected versions not specified) Microsoft Office (affected versions not specified) Microsoft SharePoint (affected versions not specified)

Description The issue is related to the incorrect handling of objects in memory, which can be exploited by a remote attacker to execute arbitrary code using a specially crafted file. To exploit the issue, a user must open the specially crafted file with an affected version of the software. This can allow the attacker to perform actions in the security context of the current user.

Recommendations For Microsoft Word, to resolve the issue, update to a version that properly handles objects in memory. For Microsoft Office, consider restricting the use of Microsoft Word until a patch is available. For Microsoft SharePoint, as a temporary workaround, consider disabling the ability to open specially crafted files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.