What is CVE-2020-1448?

CVE-2020-1448 is a vulnerability in Microsoft Office. Published 2020-07-14.

Is CVE-2020-1448 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Office

CVE-2020-1448

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.

EPSS: 0.367 (97.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office — versions 2019 for 32-bit editions, 2019 for 64-bit editions
Microsoft Office Online Server — versions unspecified
Microsoft Office Web Apps — versions 2013 Service Pack 1
Microsoft Sharepoint Enterprise Server — versions 2016
Microsoft Sharepoint Server — versions 2019
Microsoft Word — versions 2016 (32-bit edition), 2016 (64-bit edition), 2013 RT Service Pack 1

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-1448?: CVE-2020-1448 is a vulnerability in Microsoft Office. Published 2020-07-14.
Is CVE-2020-1448 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.