Vulnerability in Microsoft Office
CVE-2020-0850
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852…
EPSS: 0.335 (97.0th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Office — versions 2019 for 32-bit editions, 2019 for 64-bit editions, 2019 for Mac
- Microsoft Office Online Server — versions unspecified
- Microsoft Sharepoint Enterprise Server — versions 2016, 2013 Service Pack 1
- Microsoft Sharepoint Foundation — versions 2013 Service Pack 1
- Microsoft Sharepoint Server — versions 2019
- Microsoft Word — versions 2016 (32-bit edition), 2016 (64-bit edition), 2013 RT Service Pack 1
- Microsoft Office 365 Proplus — versions 32-bit Systems, 64-bit Systems
Public proof-of-concept exploits
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-0850?
- CVE-2020-0850 is a vulnerability in Microsoft Office. Published 2020-03-12.
- Is CVE-2020-0850 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.