CVE-2020-1497

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.

Published: Aug 17, 2020
Updated: Jan 20, 2024
CVE: CVE-2020-1497
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / excel	2013-sp1	2013-sp1.x
microsoft / excel	2016	2016.x
microsoft / office	2013-sp1	2013-sp1.x
microsoft / office	2010-sp2	2010-sp2.x
microsoft / excel	2010-sp2	2010-sp2.x
microsoft / office	2016	2016.x
microsoft / office	2019	2019.x

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1497

Vulnerability Database

289,697

CVE-2020-1497