CVE-2020-1594

Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified) Microsoft Office Online Server (affected versions not specified) Microsoft Office (affected versions not specified) Microsoft SharePoint Server (affected versions not specified)

Description: A remote code execution issue exists in Microsoft Excel software due to improper handling of objects in memory. This could allow an attacker to run arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view or modify data, or create new accounts. The vulnerability can be exploited by convincing a user to open a specially crafted file, either via email or by hosting it on a website. The security update addresses this by correcting how Microsoft Excel handles objects in memory.

Recommendations: For Microsoft Excel, update to a version that includes the security update correcting how the software handles objects in memory. For Microsoft Office Online Server, Microsoft Office, and Microsoft SharePoint Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.