cnvd - cnvd-2021-11034

cnvd-2021-11034

Vulnerability from cnvd

Title: Microsoft Word远程代码执行漏洞（CNVD-2021-11034）

Description:

Microsoft Word是美国微软（Microsoft）公司的一套Office套件中的文字处理软件。

Microsoft Word存在远程代码执行漏洞，该漏洞源于程序未能正确处理内存对象，攻击者可借助特制的文件利用该漏洞在当前用户的安全上下文中执行操作。

Severity: 中

Patch Name: Microsoft Word远程代码执行漏洞（CNVD-2021-11034）的补丁

Patch Description:

Microsoft Word是美国微软（Microsoft）公司的一套Office套件中的文字处理软件。

Microsoft Word存在远程代码执行漏洞，该漏洞源于程序未能正确处理内存对象，攻击者可借助特制的文件利用该漏洞在当前用户的安全上下文中执行操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已提供漏洞修补方案，请关注厂商主页及时更新： https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1446

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-1446

Impacted products

Name
['Microsoft Office Web Apps 2010 SP2', 'Microsoft SharePoint Server 2010 SP2', 'Microsoft Word 2010 SP2', 'Microsoft Word 2013 SP1', 'Microsoft Word 2013 RT SP1', 'Microsoft Office Web Apps 2013 SP1', 'Microsoft Word 2016', 'Microsoft Office Online Server', 'Microsoft SharePoint Enterprise Server 2016', 'Microsoft SharePoint Enterprise Server 2013 SP1', 'Microsoft Office 2016 for Mac', 'Microsoft Office 2019', 'Microsoft Office 2019 for Mac', 'Microsoft SharePoint Server 2019', 'Microsoft 365 Apps for Enterprise']

Name

['Microsoft Office Web Apps 2010 SP2', 'Microsoft SharePoint Server 2010 SP2', 'Microsoft Word 2010 SP2', 'Microsoft Word 2013 SP1', 'Microsoft Word 2013 RT SP1', 'Microsoft Office Web Apps 2013 SP1', 'Microsoft Word 2016', 'Microsoft Office Online Server', 'Microsoft SharePoint Enterprise Server 2016', 'Microsoft SharePoint Enterprise Server 2013 SP1', 'Microsoft Office 2016 for Mac', 'Microsoft Office 2019', 'Microsoft Office 2019 for Mac', 'Microsoft SharePoint Server 2019', 'Microsoft 365 Apps for Enterprise']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1446",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-1446"
    }
  },
  "description": "Microsoft Word\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957Office\u5957\u4ef6\u4e2d\u7684\u6587\u5b57\u5904\u7406\u8f6f\u4ef6\u3002\n\nMicrosoft Word\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406\u5185\u5b58\u5bf9\u8c61\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u64cd\u4f5c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1446",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-11034",
  "openTime": "2021-02-20",
  "patchDescription": "Microsoft Word\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957Office\u5957\u4ef6\u4e2d\u7684\u6587\u5b57\u5904\u7406\u8f6f\u4ef6\u3002\r\n\r\nMicrosoft Word\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406\u5185\u5b58\u5bf9\u8c61\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Word\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2021-11034\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Office Web Apps 2010 SP2",
      "Microsoft SharePoint Server 2010 SP2",
      "Microsoft Word 2010 SP2",
      "Microsoft Word 2013 SP1",
      "Microsoft Word 2013 RT SP1",
      "Microsoft Office Web Apps 2013 SP1",
      "Microsoft Word 2016",
      "Microsoft Office Online Server",
      "Microsoft SharePoint Enterprise Server 2016",
      "Microsoft SharePoint Enterprise Server 2013 SP1",
      "Microsoft Office 2016 for Mac",
      "Microsoft Office 2019",
      "Microsoft Office 2019 for Mac",
      "Microsoft SharePoint Server 2019",
      "Microsoft 365 Apps for Enterprise"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-1446",
  "serverity": "\u4e2d",
  "submitTime": "2020-08-12",
  "title": "Microsoft Word\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2021-11034\uff09"
}

CVE-2020-1446 (GCVE-0-2020-1446)

Vulnerability from cvelistv5

Published

2020-07-14 22:54

Modified

2024-08-04 06:39

Severity ?

CWE

Remote Code Execution

Summary

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.

References

▼	URL	Tags
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Microsoft

Microsoft SharePoint Enterprise Server

Version: 2016
Version: 2013 Service Pack 1

Microsoft	Microsoft SharePoint Server	Version: 2019 Version: 2010 Service Pack 2
Microsoft	Microsoft Office	Version: 2019 for 32-bit editions Version: 2019 for 64-bit editions Version: 2019 for Mac Version: 2016 for Mac Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions)
Microsoft	Microsoft Office Online Server	Version: unspecified
Microsoft	Microsoft 365 Apps for Enterprise for 32-bit Systems	Version: unspecified
Microsoft	Microsoft 365 Apps for Enterprise for 64-bit Systems	Version: unspecified
Microsoft	Microsoft Word	Version: 2016 (32-bit edition) Version: 2016 (64-bit edition) Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2013 RT Service Pack 1 Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions)
Microsoft	Microsoft Office Web Apps	Version: 2010 Service Pack 2 Version: 2013 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:39:09.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft SharePoint Enterprise Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1"
            }
          ]
        },
        {
          "product": "Microsoft SharePoint Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2"
            }
          ]
        },
        {
          "product": "Microsoft Office",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019 for 32-bit editions"
            },
            {
              "status": "affected",
              "version": "2019 for 64-bit editions"
            },
            {
              "status": "affected",
              "version": "2019 for Mac"
            },
            {
              "status": "affected",
              "version": "2016 for Mac"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            }
          ]
        },
        {
          "product": "Microsoft Office Online Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft 365 Apps for Enterprise for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft 365 Apps for Enterprise for 64-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Word",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2016 (64-bit edition)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 RT Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit editions)"
            }
          ]
        },
        {
          "product": "Microsoft Office Web Apps",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2010 Service Pack 2"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-14T22:54:46",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-1446",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft SharePoint Enterprise Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016"
                          },
                          {
                            "version_value": "2013 Service Pack 1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SharePoint Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019"
                          },
                          {
                            "version_value": "2010 Service Pack 2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019 for 32-bit editions"
                          },
                          {
                            "version_value": "2019 for 64-bit editions"
                          },
                          {
                            "version_value": "2019 for Mac"
                          },
                          {
                            "version_value": "2016 for Mac"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Office Online Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft 365 Apps for Enterprise for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft 365 Apps for Enterprise for 64-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Word",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016 (32-bit edition)"
                          },
                          {
                            "version_value": "2016 (64-bit edition)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          },
                          {
                            "version_value": "2013 RT Service Pack 1"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (32-bit editions)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit editions)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Office Web Apps",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2010 Service Pack 2"
                          },
                          {
                            "version_value": "2013 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1446",
    "datePublished": "2020-07-14T22:54:46",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:39:09.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted