vulnerability

CVE-2020-1409: DirectWrite Remote Code Execution Vulnerability [Office for Mac]

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Jul 14, 2020	Jul 14, 2020	Nov 8, 2022

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Jul 14, 2020

Added

Jul 14, 2020

Modified

Nov 8, 2022

Description

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.

Solutions

office-for-mac-upgrade-16_16_24office-for-mac-upgrade-16_39_0

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today