CVE-2020-16855

Name of the Vulnerable Software and Affected Versions: Microsoft Office for Mac (affected versions not specified) Microsoft Office (affected versions not specified)

Description: The issue is related to an information disclosure problem caused by reading out of bound memory due to an uninitialized variable. This could potentially disclose the contents of memory. An attacker who successfully exploits the issue could view out of bound memory. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software.

Recommendations: For Microsoft Office for Mac, update the software to properly initialize the affected variable. For Microsoft Office, update the software to properly initialize the affected variable. As a temporary workaround, consider avoiding the use of uninitialized variables in Microsoft Office until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.