Is CVE-2020-1446 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft 365 Apps For Enterprise 32-bit Systems

CVE-2020-1446

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.

EPSS: 0.399 (97.4th percentile) — read the EPSS interpretation.

Affected products

Microsoft 365 Apps For Enterprise 32-bit Systems — versions unspecified
Microsoft 365 Apps For Enterprise 64-bit Systems — versions unspecified
Microsoft Office — versions 2019 for 32-bit editions, 2019 for 64-bit editions, 2019 for Mac
Microsoft Office Online Server — versions unspecified
Microsoft Office Web Apps — versions 2010 Service Pack 2, 2013 Service Pack 1
Microsoft Sharepoint Enterprise Server — versions 2016, 2013 Service Pack 1
Microsoft Sharepoint Server — versions 2019, 2010 Service Pack 2
Microsoft Word — versions 2016 (32-bit edition), 2016 (64-bit edition), 2010 Service Pack 2 (32-bit editions)

Public proof-of-concept exploits

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-1446?: CVE-2020-1446 is a vulnerability in Microsoft 365 Apps For Enterprise 32-bit Systems. Published 2020-07-14.
Is CVE-2020-1446 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.