cnvd - cnvd-2020-59752

cnvd-2020-59752

Vulnerability from cnvd

Title

Microsoft Excel信息泄露漏洞（CNVD-2020-59752）

Description

Microsoft Excel是美国微软（Microsoft）公司的一款Office套件中的电子表格处理软件。 Microsoft Excel中存在信息泄露漏洞。该漏洞源于错误地披露内存的内容。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Microsoft Excel信息泄露漏洞（CNVD-2020-59752）的补丁

Patch Description

Microsoft Excel是美国微软（Microsoft）公司的一款Office套件中的电子表格处理软件。 Microsoft Excel中存在信息泄露漏洞。该漏洞源于错误地披露内存的内容。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://portal.msrc.microsoft.com/en-us/security-guidance

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-1224

Impacted products

Name
['Microsoft Excel 2010 SP2', 'Microsoft Excel 2013 SP1', 'Microsoft Excel 2013 RT SP1', 'Microsoft Office Web Apps 2013 SP1', 'Microsoft Office 2016', 'Microsoft Excel 2016', 'Microsoft Office Online Server', 'Microsoft SharePoint Enterprise Server 2013 SP1', 'Microsoft Office 2019', 'Microsoft 365 Apps']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1224",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-1224"
    }
  },
  "description": "Microsoft Excel\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eOffice\u5957\u4ef6\u4e2d\u7684\u7535\u5b50\u8868\u683c\u5904\u7406\u8f6f\u4ef6\u3002\n\nMicrosoft Excel\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u5730\u62ab\u9732\u5185\u5b58\u7684\u5185\u5bb9\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-59752",
  "openTime": "2020-10-31",
  "patchDescription": "Microsoft Excel\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eOffice\u5957\u4ef6\u4e2d\u7684\u7535\u5b50\u8868\u683c\u5904\u7406\u8f6f\u4ef6\u3002\r\n\r\nMicrosoft Excel\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u5730\u62ab\u9732\u5185\u5b58\u7684\u5185\u5bb9\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Excel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-59752\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Excel 2010 SP2",
      "Microsoft Excel 2013 SP1",
      "Microsoft Excel 2013 RT  SP1",
      "Microsoft Office Web Apps 2013 SP1",
      "Microsoft Office 2016",
      "Microsoft Excel 2016",
      "Microsoft Office Online Server",
      "Microsoft SharePoint Enterprise Server 2013 SP1",
      "Microsoft Office 2019",
      "Microsoft 365 Apps"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-1224",
  "serverity": "\u4e2d",
  "submitTime": "2020-10-26",
  "title": "Microsoft Excel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-59752\uff09"
}

CVE-2020-1224 (GCVE-0-2020-1224)

Vulnerability from cvelistv5

Published

2020-09-11 17:09

Modified

2024-08-04 06:31

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE

Information Disclosure

Summary

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.

References

URL

Tags

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1224

x_refsource_MISC

Impacted products

Vendor

Product

Version

Microsoft

Microsoft SharePoint Enterprise Server 2013 Service Pack 1

Version: 15.0.0 < publication
cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*

Microsoft	Microsoft Office 2019	Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:office:2019:::::::*
Microsoft	Microsoft Office 2019 for Mac	Version: 16.0.0 < publication cpe:2.3:a:microsoft:office:2019:::::macos::
Microsoft	Microsoft Office Online Server	Version: 16.0.1 < publication cpe:2.3:a:microsoft:office_online_server:-:::::::*
Microsoft	Microsoft 365 Apps for Enterprise	Version: 16.0.1 < https://aka.ms/OfficeSecurityReleases cpe:2.3:a:microsoft:365_apps:-::::enterprise:::
Microsoft	Microsoft Excel 2016	Version: 16.0.0.0 < publication cpe:2.3:a:microsoft:excel:2016::::::x86: cpe:2.3:a:microsoft:excel:2016::::::x64:
Microsoft	Microsoft Office 2016 for Mac	Version: 16.0.0 < publication cpe:2.3:a:microsoft:office:2016:::::mac_os::
Microsoft	Microsoft Excel 2010 Service Pack 2	Version: 13.0.0.0 < publication cpe:2.3:a:microsoft:excel:2010:sp2::::::
Microsoft	Microsoft Excel 2013 Service Pack 1	Version: 15.0.0.0 < publication cpe:2.3:a:microsoft:excel:2013:sp1:::rt:::* cpe:2.3:a:microsoft:excel:2013:sp1:::::x86:* cpe:2.3:a:microsoft:excel:2013:sp1:::::x64:*
Microsoft	Microsoft Office Web Apps 2013 Service Pack 1	Version: 15.0.0.0 < publication cpe:2.3:a:microsoft:office_web_apps:2013:sp1::::::

Show details on NVD website