PT-2020-3217 · Microsoft · Sharepoint Server+4
Published
2020-07-14
·
Updated
2021-07-21
·
CVE-2020-1342
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft Office (affected versions not specified)
Microsoft Office Online Server (affected versions not specified)
Microsoft Office Web Apps Server (affected versions not specified)
Microsoft SharePoint Server (affected versions not specified)
Microsoft SharePoint Enterprise Server (affected versions not specified)
Microsoft Word (affected versions not specified)
Description
An information disclosure issue exists due to Microsoft Office software reading out of bound memory because of an uninitialized variable. This could disclose the contents of memory. Exploitation of the issue requires a user to open a specially crafted file with an affected version of Microsoft Office software, potentially allowing a remote attacker to gain unauthorized access to protected information.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Out of bounds Read
Use of Uninitialized Resource
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Office
Office Online Server
Office Web Apps Server
Sharepoint Server
Office Word