How severe is CVE-2020-1504?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Microsoft Excel 2010 Service Pack 2

CVE-2020-1504

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the…

EPSS: 0.158 (94.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C.

Affected products

Microsoft Excel 2010 Service Pack 2 — versions 13.0.0.0

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1504 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-1504?: CVE-2020-1504 is a high-severity vulnerability in Microsoft Excel 2010 Service Pack 2. CVSS score: 8.8/10. Published 2020-08-17.
How severe is CVE-2020-1504?: High severity. CVSS v3 base score is 8.8 out of 10.