What is CVE-2020-0696?

CVE-2020-0696 is a vulnerability in Microsoft Office. Published 2020-02-11.

Is CVE-2020-0696 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Office

CVE-2020-0696

A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.

EPSS: 0.036 (88.0th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office — versions 2019 for 32-bit editions, 2019 for 64-bit editions
Microsoft Outlook — versions 2016 (32-bit edition), 2016 (64-bit edition), 2013 Service Pack 1 (32-bit editions)
Microsoft Office 365 Proplus — versions 32-bit Systems, 64-bit Systems

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0696 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-0696?: CVE-2020-0696 is a vulnerability in Microsoft Office. Published 2020-02-11.
Is CVE-2020-0696 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.