CVE-2020-1493
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Microsoft Office 2019 | 19.0.0 < https://aka.ms/OfficeSecurityReleases | affected |
| Microsoft | Microsoft 365 Apps for Enterprise | 16.0.1 < https://aka.ms/OfficeSecurityReleases | affected |
| Microsoft | Microsoft Outlook 2016 | 16.0.0.0 < publication | affected |
| Microsoft | Microsoft Outlook 2013 Service Pack 1 | 15.0.0.0 < publication | affected |
| Microsoft | Microsoft Outlook 2010 Service Pack 2 | 13.0.0.0 < publication | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493
- http://packetstormsecurity.com/files/169960/Microsoft-Outlook-2019-16.0.12624.20424-Out-Of-Bounds-Read.html
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493
- http://packetstormsecurity.com/files/169960/Microsoft-Outlook-2019-16.0.12624.20424-Out-Of-Bounds-Read.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.