CVE-2020-17118: Microsoft SharePoint Remote Code Execution Vulnerability

Overview

Severity: High (CVSS 8.1)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Category: Remote Code Execution
Exploit Status: Not Exploited
Exploitation Likelihood: More Likely
Patch Tuesday: 2020-Dec
Released: 2020-12-08
EPSS Score: 9.44% (percentile: 92.8%)

Affected Products (4)

Microsoft Office

Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1

Security Updates (4)

Acknowledgments

<a href="https://www.linkedin.com/in/jonathan-birch-ab27681/">Jonathan Birch</a> of Microsoft Office Security Team

Revision History

2020-12-08: Information published.