Home

CVE-2020-1583

Description

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data.To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
23.013

Associated Vulnerability

VulnerabilityOS Platform
Microsoft SharePoint Spoofing Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB4484473)Windows
Microsoft Word Information Disclosure Vulnerability for Microsoft SharePoint Enterprise Server 2013 (KB4484478)Windows
Microsoft Word Information Disclosure Vulnerability for Microsoft Word 2013 (KB4484484) 32-Bit EditionWindows
Microsoft Word Information Disclosure Vulnerability for Microsoft Word 2013 (KB4484484) 64-Bit EditionWindows
Microsoft Word Information Disclosure Vulnerability for Microsoft Word 2016 (KB4484474) 32-Bit EditionWindows
Microsoft Word Information Disclosure Vulnerability for Microsoft Word 2016 (KB4484474) 64-Bit EditionWindows
Microsoft Word Information Disclosure Vulnerability for Microsoft Web Applications (KB4484495)Windows
Microsoft Word Information Disclosure Vulnerability for Microsoft Office 2010 (KB4484492) 32-Bit EditionWindows
Microsoft Word Information Disclosure Vulnerability for Microsoft Office 2010 (KB4484492) 64-Bit EditionWindows
Microsoft Word Information Disclosure Vulnerability for Microsoft SharePoint Server 2010 (KB4484490)Windows
Microsoft Word Information Disclosure Vulnerability for Microsoft Word 2010 (KB4484494) 32-Bit EditionWindows
Microsoft Word Information Disclosure Vulnerability for Microsoft Word 2010 (KB4484494) 64-Bit EditionWindows
Microsoft Word Information Disclosure Vulnerability for Microsoft Office Web Apps Server 2013 (KB4484481)Windows
Microsoft Word Remote Code Execution Vulnerability for Microsoft Office Web Apps Server 2013 (KB4484481)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x86 1808 of version(10364.20059)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 x64 1808 (Build:10364.20059)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x64 1808 of version(10364.20059)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2002 of version(12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2002 of version(12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x64 2002 of version(12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x86 2002 of version(12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2002 of version(12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2002 of version(12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Targeted Channel Version 2002 (Build 12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2002 (Build 12527.20988)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Monthly Channel for x64 2007 of version(13029.20344)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Monthly Channel for x86 2007 of version(13029.20344)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Monthly Channel for x64 2007 of version(13029.20344)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Monthly Channel for x86 2007 of version(13029.20344)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Monthly Channel Version 2007 (Build 13029.20344)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-29617Security Update for Microsoft SharePoint Enterprise Server 2016 (KB4484473)
PATCH-29602Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4484478)
PATCH-29604Security Update for Microsoft Word 2013 (KB4484484) 32-Bit Edition
PATCH-29605Security Update for Microsoft Word 2013 (KB4484484) 64-Bit Edition
PATCH-29618Security Update for Microsoft Word 2016 (KB4484474) 32-Bit Edition
PATCH-29619Security Update for Microsoft Word 2016 (KB4484474) 64-Bit Edition
PATCH-29582Security Update for Microsoft Office 2010 (KB4484492) 32-Bit Edition
PATCH-29583Security Update for Microsoft Office 2010 (KB4484492) 64-Bit Edition
PATCH-29603Security Update for Microsoft Office Web Apps Server 2013 (KB4484481)
PATCH-29855Security Update for Microsoft Office Web Apps Server 2013 (KB4484481)
PATCH-29692Update for Office 2019 for x86 1808 of version(10364.20059)
PATCH-29693Office 2016 Deployment Tool for Office 2019 x64 1808 (Build:10364.20059)
PATCH-29694Update for Office 2019 for x64 1808 of version(10364.20059)
PATCH-29680Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2002 of version(12527.20988)
PATCH-29682Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2002 of version(12527.20988)
PATCH-29684Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2002 of version(12527.20988)
PATCH-29686Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2002 of version(12527.20988)
PATCH-29688Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2002 of version(12527.20988)
PATCH-29690Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2002 of version(12527.20988)
PATCH-29696Update for Microsoft 365 Apps for Enterprise Targeted Channel Version 2002 (Build 12527.20988)
PATCH-29697Update for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2002 (Build 12527.20988)
PATCH-29672Update for Microsoft 365 Apps for Enterprise Monthly Channel for x64 2007 of version(13029.20344)
PATCH-29674Update for Microsoft 365 Apps for Enterprise Monthly Channel for x86 2007 of version(13029.20344)
PATCH-29676Update for Microsoft 365 Apps for Business Monthly Channel for x64 2007 of version(13029.20344)
PATCH-29678Update for Microsoft 365 Apps for Business Monthly Channel for x86 2007 of version(13029.20344)
PATCH-29695Update for Microsoft 365 Apps for Enterprise Monthly Channel Version 2007 (Build 13029.20344)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234