CVE-2020-1322

Description

An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka Microsoft Project Information Disclosure Vulnerability.

Risk Information

Base Score

6.5

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

25.134

Associated Vulnerability

Vulnerability	OS Platform
Microsoft Project Information Disclosure Vulnerability for Microsoft Project 2016 (KB4484399) 32-Bit Edition	Windows
Microsoft Project Information Disclosure Vulnerability for Microsoft Project 2016 (KB4484399) 64-Bit Edition	Windows
Microsoft Project Information Disclosure Vulnerability for Microsoft Project 2013 (KB4484369) 32-Bit Edition	Windows
Microsoft Project Information Disclosure Vulnerability for Microsoft Project 2013 (KB4484369) 64-Bit Edition	Windows
Microsoft Project Information Disclosure Vulnerability for Microsoft Project 2010 (KB4484387) 32-Bit Edition	Windows
Microsoft Project Information Disclosure Vulnerability for Microsoft Project 2010 (KB4484387) 64-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 1908 of version(11929.20838)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 1908 of version(11929.20838)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x64 1908 of version(11929.20838)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x86 1908 of version(11929.20838)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 1908 (Build 11929.20838)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2002 of version(12527.20720)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2002 of version(12527.20720)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Targeted Channel Version 2002 (Build 12527.20720)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Monthly Channel for x64 2005 of version(12827.20336)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Monthly Channel for x86 2005 of version(12827.20336)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Monthly Channel for x64 2005 of version(12827.20336)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Monthly Channel for x86 2005 of version(12827.20336)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Monthly Channel Version 2005 (Build 12827.20336)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-29124	Security Update for Microsoft Project 2016 (KB4484399) 32-Bit Edition
PATCH-29125	Security Update for Microsoft Project 2016 (KB4484399) 64-Bit Edition
PATCH-29116	Security Update for Microsoft Project 2013 (KB4484369) 32-Bit Edition
PATCH-29117	Security Update for Microsoft Project 2013 (KB4484369) 64-Bit Edition
PATCH-29198	Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 1908 of version(11929.20838)
PATCH-29200	Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 1908 of version(11929.20838)
PATCH-29202	Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 1908 of version(11929.20838)
PATCH-29204	Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 1908 of version(11929.20838)
PATCH-29210	Update for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 1908 (Build 11929.20838)
PATCH-29206	Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2002 of version(12527.20720)
PATCH-29208	Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2002 of version(12527.20720)
PATCH-29211	Update for Microsoft 365 Apps for Enterprise Targeted Channel Version 2002 (Build 12527.20720)
PATCH-29190	Update for Microsoft 365 Apps for Enterprise Monthly Channel for x64 2005 of version(12827.20336)
PATCH-29192	Update for Microsoft 365 Apps for Enterprise Monthly Channel for x86 2005 of version(12827.20336)
PATCH-29194	Update for Microsoft 365 Apps for Business Monthly Channel for x64 2005 of version(12827.20336)
PATCH-29196	Update for Microsoft 365 Apps for Business Monthly Channel for x86 2005 of version(12827.20336)
PATCH-29209	Update for Microsoft 365 Apps for Enterprise Monthly Channel Version 2005 (Build 12827.20336)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234