Published: 2020-09-11

Description:
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka ‘Microsoft Office Information Disclosure Vulnerability’.

Type:

CWE-125

(Out-of-bounds Read)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore

4.3/10

2.9/10

8.6/10

Exploit range
Attack complexity
Authentication

Remote

Medium

No required

Confidentiality impact
Integrity impact
Availability impact

Partial

None

None

 References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16855

closedb();
?>


Copyright 2020, cxsecurity.com

 



Source link

Write a comment:
*

Your email address will not be published.