#VU45551 Information disclosure in Microsoft Office and Microsoft Outlook - CVE-2020-1493
Published: August 11, 2020 / Updated: September 1, 2020
Vulnerability identifier: #VU45551
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2020-1493
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Microsoft Office
Microsoft Outlook
Microsoft Office
Microsoft Outlook
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.
Remediation
Install updates from vendor's website.