CVE-2020-1493 vulnerability in Microsoft Products
Published on August 17, 2020

Microsoft Outlook Information Disclosure Vulnerability

An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

NVD

Vulnerability Analysis

CVE-2020-1493 can be exploited with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. A proof of concept (POC) exploit is publicly available for CVE-2020-1493. An exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity or availability.

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

Weakness Type

Insecure Storage of Sensitive Information

The software stores sensitive information without properly limiting read or write access by unauthorized actors. If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.


Affected Versions

Microsoft Office 2019
Microsoft 365 Apps for Enterprise
Microsoft Outlook 2016
Microsoft Outlook 2013 Service Pack 1
Microsoft Outlook 2010 Service Pack 2

Exploit Probability

EPSS: 30.33%
Percentile: 96.58%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.