安全研究
安全漏洞
Microsoft Word 信息泄露漏洞(CVE-2020-1503)
发布日期:2020-08-11
更新日期:2020-09-01
受影响系统:Microsoft Office Web Apps 2013 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Online Server
Microsoft Office 2019 for Mac
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 for Mac
Microsoft Office 2010 (64-bit edition) SP2
Microsoft Office 2010 (32-bit edition) SP2
Microsoft Word 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2013 Service Pack 1 (64-bit ed
Microsoft Word 2013 Service Pack 1 (32-bit ed
Microsoft Word 2013 RT SP1
Microsoft Word 2010 Service Pack 2 (64-bit ed
Microsoft Word 2010 Service Pack 2 (32-bit ed
Microsoft SharePoint Server 2019
Microsoft SharePoint Server 2010 SP2
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft 365 Apps for Enterprise 64-bit Systems
Microsoft 365 Apps for Enterprise 32-bit Systems
描述:
CVE(CAN) ID:
CVE-2020-1503
Microsoft Office是一款办公软件套件产品。Microsoft SharePoint是一套企业业务协作平台。Microsoft Word是一套Office套件中的文字处理软件。
Microsoft Word存在信息泄露漏洞。该漏洞源于软件未正确公开其内存内容。攻击者可利用该漏洞借助特制文件破坏用户计算机或数据。以下产品及版本受到影响:Microsoft 365 Apps for Enterprise、Office 2010 SP2、Office 2016 for Mac、Office 2019、Office 2019 for Mac、Office Online Server、Office Web Apps 2010 SP2、Office Web Apps 2013 SP1、SharePoint Enterprise Server 2013 SP1、SharePoint Enterprise Server 2016、SharePoint Server 2010 SP2、SharePoint Server 2019、Word 2010 SP2、Word 2013 RT SP1、Word 2013 SP1、Word 2016。
<*来源:Haifei Li(McAfee IPS Security Research Team)
*>
建议:
厂商补丁:
Microsoft
---------
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1503浏览次数:811
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障 |
