Skip to main content

Office 365 Proplus CVE-2020-0979

HIGH
2020-04-15 secure@microsoft.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 15, 2020 - 15:15 nvd
HIGH 8.8

DescriptionNVD

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0906.

AnalysisAI

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0906. Affected products include: Microsoft Office 365 Proplus.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-0541 HIGH POC
8.8 Jan 08

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML E

CVE-2019-1449 CRITICAL
9.8 Nov 12

A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially c

CVE-2019-1205 CRITICAL
9.8 Aug 14

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memo

CVE-2020-0906 HIGH
8.8 Apr 15

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

CVE-2020-0760 HIGH
8.8 Apr 15

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Micro

CVE-2020-0850 HIGH
8.8 Mar 12

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memo

CVE-2020-0759 HIGH
8.8 Feb 11

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

CVE-2019-1331 HIGH
8.8 Oct 10

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

CVE-2019-1327 HIGH
8.8 Oct 10

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

CVE-2019-1297 HIGH
8.8 Sep 11

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

CVE-2019-1111 HIGH
8.8 Jul 15

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

CVE-2019-1110 HIGH
8.8 Jul 15

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

Share

CVE-2020-0979 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy