CVE-2020-17063: Microsoft Office Online Spoofing Vulnerability

Overview

Severity

Medium (CVSS 6.8)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Nov

Released

2020-11-10

EPSS Score

1.44% (percentile: 80.8%)

FAQ

Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Affected Products (4)

Microsoft Office

• Microsoft Office 2019 for 32-bit editions
• Microsoft Office 2019 for 64-bit editions
• Microsoft 365 Apps for Enterprise for 32-bit Systems
• Microsoft 365 Apps for Enterprise for 64-bit Systems

Acknowledgments

Petros L. K. Mantos (@0nlyslayer) and Pavlos Kolios (@pzyc0) of Bewise Labs

Revision History

• 2020-11-10: Information published.