CVE-2020-16949
MEDIUMMicrosoft Windows 10 - Memory Leak
Title source: ruleDescription
<p>A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.</p> <p>Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.</p>
Scores
CVSS v3
4.7
EPSS
0.0749
EPSS Percentile
91.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Classification
CWE
CWE-401
Status
published
Affected Products (26)
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2012
microsoft/windows_server_2012
... and 11 more
Timeline
Published
Oct 16, 2020
Tracked Since
Feb 18, 2026