CVE-2020-16855

MEDIUM

Microsoft Office - Information Disclosure via Uninitialized Variable


Description

An information disclosure vulnerability exists when Microsoft Office software reads out-of-bounds memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out-of-bounds memory.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.

The security update addresses the vulnerability by properly initializing the affected variable.


Scores

CVSS v3 5.5
EPSS 0.0444
EPSS Percentile 90.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE CWE-125, CWE-908
Status published
Products (2)
microsoft/office 2016
microsoft/office 2019
Published Sep 11, 2020
Tracked Since Feb 18, 2026