Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1342

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.5, requiring local system access to exploit with relatively low complexity though user interaction is required and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), for affected systems. Impacting 7 products from microsoft, from microsoft, from microsoft and 4 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2020, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2020-07-14T23:15:12.713

Last Modified

2024-11-21T05:10:17.193

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-125
    CWE-908
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application microsoft 365_apps - Yes
Application microsoft office 2010 Yes
Application microsoft office 2016 Yes
Application microsoft office 2019 Yes
Application microsoft office 2019 Yes
Application microsoft office_online_server - Yes
Application microsoft office_web_apps 2010 Yes
Application microsoft office_web_apps 2013 Yes
Application microsoft sharepoint_enterprise_server 2013 Yes
Application microsoft sharepoint_enterprise_server 2016 Yes
Application microsoft sharepoint_server 2010 Yes
Application microsoft sharepoint_server 2019 Yes
Application microsoft word 2010 Yes
Application microsoft word 2013 Yes
Application microsoft word 2013 Yes
Application microsoft word 2016 Yes
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For microsoft's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.