Main Vulnerability Database Vulnerabilities #VU45551

Information disclosure in Microsoft Office and Microsoft Outlook - CVE-2020-1493

Published: August 11, 2020 / Updated: September 1, 2020

Vulnerability identifier: #VU45551

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2020-1493

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Microsoft

Affected software:
Microsoft Office
Microsoft Outlook

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.

How to mitigate CVE-2020-1493

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493

Information disclosure in Microsoft Office and Microsoft Outlook - CVE-2020-1493

Detailed vulnerability description

How to mitigate CVE-2020-1493

Sources

Please verify you're human