CVE-2020-1502

Name of the Vulnerable Software and Affected Versions: Microsoft Word (affected versions not specified) Microsoft Office (affected versions not specified) Microsoft Office Online Server (affected versions not specified) SharePoint Server (affected versions not specified)

Description: An information disclosure issue exists due to improper memory handling in Microsoft Word, allowing an attacker to potentially compromise a user's computer or data. To exploit this, an attacker would need to craft a special document file and convince a user to open it, requiring knowledge of the memory address location where the object was created. The vulnerability is related to errors in processing objects in memory, which could allow an attacker to disclose protected information.

Recommendations: For Microsoft Word, consider restricting the use of certain functions that handle objects in memory until an update is applied. For Microsoft Office, Microsoft Office Online Server, and SharePoint Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.