Home

CVE-2020-1497

Description

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data.To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
28.459

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB4484465) 32-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB4484465) 64-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2013 (KB4484449) 32-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2013 (KB4484449) 64-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2013 (KB4484354) 32-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2013 (KB4484354) 64-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2010 (KB4484461) 32-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2010 (KB4484461) 64-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2010 (KB4484375) 32-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2010 (KB4484375) 64-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2016 (KB4484346) 32-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2016 (KB4484346) 64-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x86 1808 of version(10364.20059)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 x64 1808 (Build:10364.20059)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x64 1808 of version(10364.20059)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2002 of version(12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2002 of version(12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x64 2002 of version(12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x86 2002 of version(12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2002 of version(12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2002 of version(12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Targeted Channel Version 2002 (Build 12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2002 (Build 12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Monthly Channel for x64 2007 of version(13029.20344)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Monthly Channel for x86 2007 of version(13029.20344)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Monthly Channel for x64 2007 of version(13029.20344)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Monthly Channel for x86 2007 of version(13029.20344)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Monthly Channel Version 2007 (Build 13029.20344)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-29613Security Update for Microsoft Excel 2016 (KB4484465) 32-Bit Edition
PATCH-29614Security Update for Microsoft Excel 2016 (KB4484465) 64-Bit Edition
PATCH-29596Security Update for Microsoft Excel 2013 (KB4484449) 32-Bit Edition
PATCH-29597Security Update for Microsoft Excel 2013 (KB4484449) 64-Bit Edition
PATCH-29598Security Update for Microsoft Office 2013 (KB4484354) 32-Bit Edition
PATCH-29599Security Update for Microsoft Office 2013 (KB4484354) 64-Bit Edition
PATCH-29577Security Update for Microsoft Excel 2010 (KB4484461) 32-Bit Edition
PATCH-29578Security Update for Microsoft Excel 2010 (KB4484461) 64-Bit Edition
PATCH-29615Security Update for Microsoft Office 2016 (KB4484346) 32-Bit Edition
PATCH-29616Security Update for Microsoft Office 2016 (KB4484346) 64-Bit Edition
PATCH-29692Update for Office 2019 for x86 1808 of version(10364.20059)
PATCH-29693Office 2016 Deployment Tool for Office 2019 x64 1808 (Build:10364.20059)
PATCH-29694Update for Office 2019 for x64 1808 of version(10364.20059)
PATCH-29680Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2002 of version(12527.20988)
PATCH-29682Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2002 of version(12527.20988)
PATCH-29684Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2002 of version(12527.20988)
PATCH-29686Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2002 of version(12527.20988)
PATCH-29688Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2002 of version(12527.20988)
PATCH-29690Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2002 of version(12527.20988)
PATCH-29696Update for Microsoft 365 Apps for Enterprise Targeted Channel Version 2002 (Build 12527.20988)
PATCH-29697Update for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2002 (Build 12527.20988)
PATCH-29672Update for Microsoft 365 Apps for Enterprise Monthly Channel for x64 2007 of version(13029.20344)
PATCH-29674Update for Microsoft 365 Apps for Enterprise Monthly Channel for x86 2007 of version(13029.20344)
PATCH-29676Update for Microsoft 365 Apps for Business Monthly Channel for x64 2007 of version(13029.20344)
PATCH-29678Update for Microsoft 365 Apps for Business Monthly Channel for x86 2007 of version(13029.20344)
PATCH-29695Update for Microsoft 365 Apps for Enterprise Monthly Channel Version 2007 (Build 13029.20344)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234