CVE-2020-1225

HIGH

Microsoft Excel - Remote Code Execution via Use-After-Free

Title source: llm
STIX 2.1

Description

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226.

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.1716
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (6)
microsoft/365_apps
microsoft/excel 2010 sp2
microsoft/excel 2013 sp1 (2 CPE variants)
microsoft/excel 2016
microsoft/office 2016
microsoft/office 2019 (2 CPE variants)
Published Jun 09, 2020
Tracked Since Feb 18, 2026