CVE-2020-1447

Name of the Vulnerable Software and Affected Versions Microsoft Word (affected versions not specified) Microsoft Office (affected versions not specified) Microsoft Office Online Server (affected versions not specified) Microsoft Office Web Apps Server (affected versions not specified) Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to errors in handling objects in memory, which can be exploited by a remote attacker to execute arbitrary code. This can be achieved by using a specially crafted file, allowing the attacker to perform actions in the security context of the current user. The exploitation requires a user to open the specially crafted file with an affected version of the software.

Recommendations For Microsoft Word, consider avoiding the use of specially crafted files until a fix is available. For Microsoft Office, restrict access to potentially vulnerable components to minimize the risk of exploitation. For Microsoft Office Online Server, Microsoft Office Web Apps Server, Microsoft SharePoint Server, and Microsoft SharePoint Enterprise Server, restrict access to vulnerable modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.