CVE-2020-1224: Microsoft Excel Information Disclosure Vulnerability
First published: Fri Sep 11 2020(Updated: )
<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.</p>
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft 365 Apps | ||
| Microsoft Excel | =2010-sp2 | |
| Microsoft Excel | =2013-sp1 | |
| Microsoft Excel | =2013-sp1 | |
| Microsoft Excel | =2016 | |
| Microsoft Office | =2016 | |
| Microsoft Office | =2019 | |
| Microsoft Office | =2019 | |
| Microsoft Office Online Server | ||
| Microsoft Office Web Apps | =2013-sp1 | |
| Microsoft SharePoint Enterprise Server | =2013-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-1224?
CVE-2020-1224 is an information disclosure vulnerability in Microsoft Excel that allows improper disclosure of memory contents.
What is the severity of CVE-2020-1224?
CVE-2020-1224 has a severity rating of 5.5, which is considered medium.
Which software are affected by CVE-2020-1224?
Microsoft Office LTSC for Mac 2021, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 for macOS, Microsoft Office 2019, Microsoft Office Online Server, Microsoft Office Web Apps, and Microsoft SharePoint Enterprise Server 2013 SP1 are affected by CVE-2020-1224.
How does CVE-2020-1224 work?
CVE-2020-1224 allows an attacker to view the contents of Excel's memory, potentially exposing sensitive information.
Is there a fix for CVE-2020-1224?
Yes, Microsoft has released a security update to address the CVE-2020-1224 vulnerability. It is recommended to update your software as soon as possible.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/description
- agent/title
- agent/severity
- agent/references
- agent/remedy
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft 365 apps
- canonical/microsoft excel
- version/microsoft excel/2010-sp2
- version/microsoft excel/2013-sp1
- version/microsoft excel/2016
- canonical/microsoft office
- version/microsoft office/2016
- version/microsoft office/2019
- canonical/microsoft office online server
- canonical/microsoft office web apps
- version/microsoft office web apps/2013-sp1
- canonical/microsoft sharepoint enterprise server
- version/microsoft sharepoint enterprise server/2013-sp1