CVE-2020-1225

Description

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226.

Related CPE's

amicrosoftexcel2013sp1******

amicrosoftexcel2016*******

amicrosoftexcel2013sp1**rt***

amicrosoftexcel2010sp2******

amicrosoftoffice2016****mac_os**

amicrosoftoffice2019****mac_os**

amicrosoftoffice2019****-**

amicrosoft365_apps-***enterprise***

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1225

PatchVendor Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1045

Third Party Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

8.8

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

REQUIRED

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

COMPLETE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

9.300000190734863

VectorString

AV:N/AC:M/Au:N/C:C/I:C/A:C

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io