CVE-2020-1225
HIGHMicrosoft Excel - Remote Code Execution via Use-After-Free
Title source: llmDescription
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1225
Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1045
Scores
CVSS v3
8.8
EPSS
0.1716
EPSS Percentile
96.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (6)
microsoft/365_apps
microsoft/excel
2010 sp2
microsoft/excel
2013 sp1 (2 CPE variants)
microsoft/excel
2016
microsoft/office
2016
microsoft/office
2019 (2 CPE variants)
Published
Jun 09, 2020
Tracked Since
Feb 18, 2026