Vulnerability in Microsoft 365 Apps For Enterprise 32-bit Systems
CVE-2020-1445
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.
EPSS: 0.275 (96.5th percentile) — read the EPSS interpretation.
Affected products
- Microsoft 365 Apps For Enterprise 32-bit Systems — versions unspecified
- Microsoft 365 Apps For Enterprise 64-bit Systems — versions unspecified
- Microsoft Office — versions 2019 for 32-bit editions, 2019 for 64-bit editions, 2019 for Mac
- Microsoft Office Online Server — versions unspecified
- Microsoft Office Web Apps — versions 2010 Service Pack 2, 2013 Service Pack 1
- Microsoft Sharepoint Enterprise Server — versions 2016, 2013 Service Pack 1
- Microsoft Sharepoint Server — versions 2019, 2010 Service Pack 2
- Microsoft Word — versions 2016 (32-bit edition), 2016 (64-bit edition), 2010 Service Pack 2 (32-bit editions)
Public proof-of-concept exploits
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-1445?
- CVE-2020-1445 is a vulnerability in Microsoft 365 Apps For Enterprise 32-bit Systems. Published 2020-07-14.
- Is CVE-2020-1445 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.