CVE-2020-1224

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.

Published: Sep 11, 2020
Updated: May 4, 2025
CVE: CVE-2020-1224
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / excel	2013-sp1	2013-sp1.x
microsoft / excel	2016	2016.x
microsoft / office_web_apps	2013-sp1	2013-sp1.x
microsoft / excel	2010-sp2	2010-sp2.x
microsoft / sharepoint_enterprise_server	2013-sp1	2013-sp1.x
microsoft / office	2019	2019.x
microsoft / office	2016	2016.x

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224

Vulnerability Database

289,599

CVE-2020-1224