CVE-2020-16949
MEDIUM
Microsoft Outlook - Denial of Service via Specially Crafted Email
Title source: llm
Description
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.
The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949
Scores
CVSS v3
4.7
EPSS
0.0275
EPSS Percentile
84.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-401
Status
published
Products (25)
microsoft/365_apps
microsoft/office
2019
microsoft/outlook
2010 sp2
microsoft/outlook
2013 sp1 (2 CPE variants)
microsoft/outlook
2016
microsoft/windows_10
microsoft/windows_10
1607
microsoft/windows_10
1709
microsoft/windows_10
1803
microsoft/windows_10
1809
... and 15 more
Published
Oct 16, 2020
Tracked Since
Feb 18, 2026