Vulnerability in Microsoft 365 Apps For Enterprise
CVE-2020-1503
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit…
EPSS: 0.273 (96.5th percentile) — read the EPSS interpretation.
Affected products
- Microsoft 365 Apps For Enterprise — versions 16.0.1
- Microsoft Office 2010 Service Pack 2 — versions 13.0.0.0
- Microsoft Office 2016 For Mac — versions 16.0.0
- Microsoft Office 2019 — versions 19.0.0
- Microsoft Office 2019 For Mac — versions 16.0.0
- Microsoft Office Online Server — versions 16.0.1
- Microsoft Office Web Apps 2010 Service Pack 2 — versions 13.0.0
- Microsoft Office Web Apps 2013 Service Pack 1 — versions 15.0.0.0
- Microsoft Sharepoint Enterprise Server 2013 Service Pack 1 — versions 15.0.0
- Microsoft Sharepoint Enterprise Server 2016 — versions 16.0.0
Public proof-of-concept exploits
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1503 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-1503?
- CVE-2020-1503 is a vulnerability in Microsoft 365 Apps For Enterprise. Published 2020-08-17.
- Is CVE-2020-1503 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.