CVE-2020-1342
First published: Tue Jul 14 2020(Updated: )
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft 365 Apps | ||
| Microsoft Office | =2010-sp2 | |
| Microsoft Office | =2016 | |
| Microsoft Office | =2019 | |
| Microsoft Office | =2019 | |
| Microsoft Office Online Server | ||
| Microsoft Office Web Apps | =2010-sp2 | |
| Microsoft Office Web Apps | =2013-sp1 | |
| Microsoft SharePoint Enterprise Server | =2013-sp1 | |
| Microsoft SharePoint Enterprise Server | =2016 | |
| Microsoft SharePoint Server | =2010-sp2 | |
| Microsoft SharePoint Server | =2019 | |
| Microsoft Word | =2010-sp2 | |
| Microsoft Word | =2013-sp1 | |
| Microsoft Word | =2013-sp1 | |
| Microsoft Word | =2016 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-1342?
CVE-2020-1342 is an information disclosure vulnerability in Microsoft Office software that can disclose the contents of memory.
What is the severity of CVE-2020-1342?
CVE-2020-1342 has a severity value of 5.5, which is classified as medium.
Which software is affected by CVE-2020-1342?
CVE-2020-1342 affects various versions of Microsoft Office, including Office 2010, Office 2013, Office 2016, Office 2019, and Office LTSC for Mac 2021.
How can CVE-2020-1342 be exploited?
CVE-2020-1342 can be exploited by reading out of bound memory due to an uninitialized variable in Microsoft Office software.
Is there a fix available for CVE-2020-1342?
Yes, Microsoft has released a security advisory with guidance on how to mitigate the vulnerability. It is recommended to apply the necessary updates or patches provided by Microsoft.
- agent/weakness
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/remedy
- agent/severity
- agent/references
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft 365 apps
- canonical/microsoft office
- version/microsoft office/2010-sp2
- version/microsoft office/2016
- version/microsoft office/2019
- canonical/microsoft office online server
- canonical/microsoft office web apps
- version/microsoft office web apps/2010-sp2
- version/microsoft office web apps/2013-sp1
- canonical/microsoft sharepoint enterprise server
- version/microsoft sharepoint enterprise server/2013-sp1
- version/microsoft sharepoint enterprise server/2016
- canonical/microsoft sharepoint server
- version/microsoft sharepoint server/2010-sp2
- version/microsoft sharepoint server/2019
- canonical/microsoft word
- version/microsoft word/2010-sp2
- version/microsoft word/2013-sp1
- version/microsoft word/2016