An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.
(CVE-2020-1445) - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. (CVE-2020-1409) - An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker could then install programs view, change, or delete data or create new accounts with full user rights. An attacker who successfully exploited this vulnerability could take control of the affected system. (CVE-2020-1342) - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited the vulnerability could view out of bound memory. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory.
Most updated microsoft office for mac mac os x#
Description The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. Synopsis An application installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities. Severity display preferences can be toggled in the settings dropdown. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. The calculated severity for Plugins has been updated to use CVSS v3 by default.
0 kommentar(er)
