CVE-2020-1349

Description

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.

Affected products

• Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systemsunspecified – unspecified
• Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systemsunspecified – unspecified
• Microsoft / Microsoft Office2019 for 32-bit editions – 2019 for 32-bit editions
• Microsoft / Microsoft Office2019 for 64-bit editions – 2019 for 64-bit editions
• Microsoft / Microsoft Outlook2016 (32-bit edition) – 2016 (32-bit edition)
• Microsoft / Microsoft Outlook2016 (64-bit edition) – 2016 (64-bit edition)
• Microsoft / Microsoft Outlook2013 Service Pack 1 (32-bit editions) – 2013 Service Pack 1 (32-bit editions)
• Microsoft / Microsoft Outlook2013 Service Pack 1 (64-bit editions) – 2013 Service Pack 1 (64-bit editions)
• Microsoft / Microsoft Outlook2010 Service Pack 2 (32-bit editions) – 2010 Service Pack 2 (32-bit editions)
• Microsoft / Microsoft Outlook2010 Service Pack 2 (64-bit editions) – 2010 Service Pack 2 (64-bit editions)
• Microsoft / Microsoft Outlook2013 RT Service Pack 1 – 2013 RT Service Pack 1

References

• VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1349
• EXPLOIThttp://packetstormsecurity.com/files/169959/Microsoft-Outlook-2019-16.0.12624.20424-Remote-Code-Execution.html