发布日期：2020-07-14
更新日期：2020-08-10

受影响系统：

Microsoft Office Office Web Apps 2013 Service P
Microsoft Office Office Web Apps 2010 Service P
Microsoft Office Office Online Server
Microsoft Office 2019 for Mac
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 for Mac
Microsoft Office 2010 Service Pack 2 (64-bit ed
Microsoft Office 2010 Service Pack 2 (32-bit ed
Microsoft Word 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2013 Service Pack 1 (64-bit ed
Microsoft Word 2013 Service Pack 1 (32-bit ed
Microsoft Word 2013 RT SP1
Microsoft Word 2010 Service Pack 2 (64-bit ed
Microsoft Word 2010 Service Pack 2 (32-bit ed
Microsoft SharePoint Server 2019
Microsoft SharePoint Foundation 2013 SP1
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Enterprise Server 2016
Microsoft 365 Apps for Enterprise 64-bit Systems
Microsoft 365 Apps for Enterprise 32-bit Systems

描述：

---

CVE(CAN) ID: CVE-2020-1446

Microsoft Word是美国微软（Microsoft）公司的一套Office套件中的文字处理软件。
Microsoft Word存在远程代码执行漏洞。该漏洞源于程序没有正确处理内存对象。攻击者利用该漏洞可借助特制的文件在当前用户的安全上下文中执行操作。以下产品及版本受到影响：Microsoft 365 Apps for Enterprise；Office 2010 SP2、Office 2016 for Mac、Office 2019、Office 2019 for Mac、Office Online Server、Office Web Apps 2010 SP2、Office Web Apps 2013 SP1、SharePoint Enterprise Server 2013 SP1、SharePoint Enterprise Server 2016、SharePoint Server 2010 SP2、SharePoint Server 2019、Word 2010 SP2、Word 2013 RT SP1、Word 2013 SP1、Word 2016版本。

<*来源：Haifei Li（McAfee IPS Security Research Team）
  *>

建议：

---

厂商补丁：

Microsoft
---------
目前厂商已发布升级补丁以修复漏洞，补丁获取链接：

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1446

浏览次数：989
严重程度：0（网友投票）