CVE-2020-1342

MEDIUM

Microsoft 365 Apps - Use of Uninitialized Resource

Title source: rule

Description

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342

Scores

CVSS v3 5.5

EPSS 0.2481

EPSS Percentile 96.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-125 CWE-908

Status published

Products (14)

microsoft/365_apps

microsoft/office 2010 sp2

microsoft/office 2016

microsoft/office 2019 (2 CPE variants)

microsoft/office_online_server

microsoft/office_web_apps 2010 sp2

microsoft/office_web_apps 2013 sp1

microsoft/sharepoint_enterprise_server 2013 sp1

microsoft/sharepoint_enterprise_server 2016

microsoft/sharepoint_server 2010 sp2

... and 4 more

Published Jul 14, 2020

Tracked Since Feb 18, 2026