Is CVE-2020-1493 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft 365 Apps For Enterprise

CVE-2020-1493

An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restric…

EPSS: 0.303 (96.8th percentile) — read the EPSS interpretation.

Affected products

Microsoft 365 Apps For Enterprise — versions 16.0.1
Microsoft Office 2019 — versions 19.0.0
Microsoft Outlook 2010 Service Pack 2 — versions 13.0.0.0
Microsoft Outlook 2013 Service Pack 1 — versions 15.0.0.0
Microsoft Outlook 2016 — versions 16.0.0.0

Public proof-of-concept exploits

0neb1n/CVE-2020-1493
0xT11/CVE-POC
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
Live-Hack-CVE/CVE-2020-1493
developer3000S/PoC-in-GitHub
hectorgie/PoC-in-GitHub
nomi-sec/PoC-in-GitHub
soosmile/POC

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493
packetstormsecurity.com/files/169960/Microsoft-Outlook-2019-16.0.12624.20424-Ou…

Frequently asked questions

What is CVE-2020-1493?: CVE-2020-1493 is a vulnerability in Microsoft 365 Apps For Enterprise. Published 2020-08-17.
Is CVE-2020-1493 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.