CVE-2020-0892 : A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memo

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.

Published 2020-03-12 16:15:21

Updated 2021-07-21 11:39:24

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2020-0892

Probability of exploitation activity in the next 30 days: 1.39%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-0892

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2020-0892

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892

CVE-2020-0892 | Microsoft Word Remote Code Execution Vulnerability
Patch;Vendor Advisory

Products affected by CVE-2020-0892

Microsoft » Office » Version: 2010 Update SP2
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2016 For Mac Os
cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*
Matching versions
Microsoft » Office » Version: 2019
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2019 For Macos
cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*
Matching versions
Microsoft » Word » Version: 2010 Update SP2
cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2013 Update SP1
cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2013 Update SP1 RT Edition
cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*
Matching versions
Microsoft » Word » Version: 2016
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Server » Version: 2010 Update SP2
cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Server » Version: 2019
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Web Apps » Version: 2010 Update SP2
cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Foundation » Version: 2013 Update SP1
cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Online Server » Version: 1.0
cpe:2.3:a:microsoft:office_online_server:1.0:*:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Enterprise Server » Version: 2016
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Enterprise Server » Version: 2013 Update SP1
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office 365 Proplus » Version: N/A
cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2020-0892

Exploit prediction scoring system (EPSS) score for CVE-2020-0892

CVSS scores for CVE-2020-0892

References for CVE-2020-0892

Products affected by CVE-2020-0892