Severity Rating: Critical

Software Affected

•    Microsoft 365 Apps for Enterprise for 32-bit and 64-bit Systems

•    Microsoft Office 2019 for 32-bit and 64-bit editions

•    Microsoft Outlook 2010 Service Pack 2 (32-bit and 64-bit editions)

•    Microsoft Outlook 2013 RT Service Pack 1

•    Microsoft Outlook 2013 Service Pack 1 (32-bit and 64-bit editions)

•    Microsoft Outlook 2016 (32-bit and 64-bit editions)

•    Microsoft SharePoint Enterprise Server 2013 Service Pack 1

•    Microsoft SharePoint Enterprise Server 2016

•    Microsoft SharePoint Foundation 2013 Service Pack 1

•    Microsoft SharePoint Server 2010 Service Pack 2

•    Microsoft SharePoint Server 2019





Overview

Multiple vulnerabilities have been reported in Microsoft products, which
could allow an attacker to execute arbitrary code remotely.



Description



1.     Microsoft Outlook Remote Code Execution Vulnerability (CVE-2020-1349)



This vulnerability exists in Microsoft Outlook software due to improper
handling of objects in memory. An attacker could exploit this vulnerability
by convincing the user to open a specially crafted file.



Successful exploitation of this vulnerability could allow the attacker to
execute a process with the same permissions as the current user.



2.     PerformancePoint Services Remote Code Execution Vulnerability (CVE-2020-1439)



This vulnerability exists in PerformancePoint Services for SharePoint
Server due to its failure to check the source markup of XML file input. An
attacker could exploit this vulnerability by uploading a specially crafted
document to the victim server.



Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code in the context of the process responsible for
deserialization of the XML content on the vulnerable system.







Solution

Apply the appropriate fix as mentioned in the Microsoft Security Advisory.






Vendor Information

Microsoft






CVE Name



CVE-2020-1349

CVE-2020-1439
