CVE-2020-1218

Name of the Vulnerable Software and Affected Versions: Microsoft Word (affected versions not specified)

Description: A remote code execution issue exists in Microsoft Word software due to its failure to properly handle objects in memory. This could allow an attacker to execute arbitrary code using a specially crafted file, performing actions in the security context of the current user. The vulnerability can be exploited by convincing a user to open a specially crafted file, either via email or by hosting the file on a website. The attacker would need to entice the user to click a link and then open the file. The issue is addressed by correcting how Microsoft Word handles files in memory.

Recommendations: To resolve the issue, apply the security update that corrects how Microsoft Word handles files in memory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.