Lucene search
KdotZDI-20-1133HistorySep 10, 2020 - 12:00 a.m.
Microsoft Excel XLS File SST Record Out-Of-Bounds Write Remote Code Execution Vulnerability
2020-09-1000:00:00
kdot
www.zerodayinitiative.com
33
microsoft excel
xls file
sst record
out-of-bounds write
remote code execution
vulnerability
user interaction
malicious page
malicious file
parsing
shared string table
buffer overflow
EPSS
0.022
Percentile
89.5%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. When parsing a Shared String Table (SST) record, the process does not properly validate user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
nvd
nvd
CVE-2020-1594
2020-09-11 17:15:21
cve
cve
CVE-2020-1594
2020-09-11 17:15:21
prion
prion
Remote code execution
2020-09-11 17:15:00
mscve
mscve
Microsoft Excel Remote Code Execution Vulnerability
2020-09-08 07:00:00
cvelist
cvelist
CVE-2020-1594 Microsoft Excel Remote Code Execution Vulnerability
2020-09-11 17:09:26
nessus
nessus
Security Updates for Microsoft Excel Products (September 2020)
2020-09-08 00:00:00
Security Updates for Microsoft Excel Products C2R (September 2020)
2022-06-10 00:00:00
Security Updates for Microsoft Office Products (September 2020)
2020-09-08 00:00:00
openvas
openvas
mskb
mskb
Description of the security update for Excel 2010: September 8, 2020
2020-09-08 07:00:00
Description of the security update for Excel 2016: September 8, 2020
2020-09-08 07:00:00
Description of the security update for Excel 2013: September 8, 2020
2020-09-08 07:00:00
kaspersky
kaspersky
KLA11950 Multiple vulnerabilities in Microsoft Office
2020-09-08 00:00:00
avleonov
avleonov