PT-2020-4026 · Microsoft · Office Word+1

Published: 2020-09-08 · Updated: 2023-12-31 · CVE-2020-1338

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Microsoft Word (affected versions not specified)
Description: A remote code execution issue exists in Microsoft Word because the software fails to properly handle objects in memory. An attacker could use a specially crafted file to perform actions in the security context of the current user, acting on behalf of the logged-on user with the same permissions. Exploitation requires convincing a user to open the specially crafted file, which could be sent via email or hosted on a website. The attacker would need to entice the user to click a link and then open the file.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2020-04426
CVE-2020-1338
ZDI-20-1131

Affected Products

Office Word
Sharepoint Server