CVE-2020-1583

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.

Published: Aug 17, 2020
Updated: May 4, 2025
CVE: CVE-2020-1583
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / word	2013-sp1	2013-sp1.x
microsoft / word	2016	2016.x
microsoft / office_web_apps	2013-sp1	2013-sp1.x
microsoft / office_web_apps	2010-sp2	2010-sp2.x
microsoft / sharepoint_server	2010-sp2	2010-sp2.x
microsoft / office	2010-sp2	2010-sp2.x
microsoft / sharepoint_enterprise_server	2016	2016.x
microsoft / word	2010-sp2	2010-sp2.x
microsoft / sharepoint_enterprise_server	2013-sp1	2013-sp1.x
microsoft / sharepoint_server	2019	2019.x
microsoft / office	2019	2019.x
microsoft / office	2016	2016.x

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1583

Vulnerability Database

289,599

CVE-2020-1583