Fwd: [CIVN-2020-0291] Multiple Vulnerabilities in Microsoft Products


Software Affected

•    Microsoft 365 Apps for Enterprise for 32-bit and 64-bit Systems

•    Microsoft Office 2019 for 32-bit and 64-bit editions

•    Microsoft Outlook 2010 Service Pack 2 (32-bit and 64-bit editions)

•    Microsoft Outlook 2013 RT Service Pack 1

•    Microsoft Outlook 2013 Service Pack 1 (32-bit and 64-bit editions)

•    Microsoft Outlook 2016 (32-bit and 64-bit edition)

•    Microsoft SharePoint Enterprise Server 2013 Service Pack 1

•    Microsoft SharePoint Enterprise Server 2016

•    Microsoft SharePoint Foundation 2013 Service Pack 1

•    Microsoft SharePoint Server 2010 Service Pack 2

•    Microsoft SharePoint Server 2019

Overview

Multiple vulnerabilities have been reported in Microsoft products, which could allow an attacker to execute arbitrary code remotely,

Description

1.     Microsoft Outlook Remote Code Execution Vulnerability (CVE-2020-1349)

This vulnerability exists in Microsoft Outlook software due to improper handling of objects in memory. An attacker could exploit this vulnerability by convincing the user to open a specially crafted file.

Successful exploitation of this vulnerability could allow the attacker to execute a process with the same permissions as the current user.

2.     PerformancePoint Services Remote Code Execution Vulnerability (CVE-2020-1439)

This vulnerability exists in PerformancePoint Services for SharePoint Server due to its failure to check the source markup of XML file input. An attacker could exploit this vulnerability by uploading a specially crafted document to the victim server.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the process responsible for deserialization of the XML content on the vulnerable system.

Solution

Apply the appropriate fix as mentioned in the Microsoft Security Advisory.

Vendor Information

Microsoft


CVE Name

CVE-2020-1349

CVE-2020-1439
