发布日期：2020-07-14
更新日期：2020-08-11

受影响系统：

Microsoft Office 2019 for Mac
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 for Mac
Microsoft Office 2010 Service Pack 2 (64-bit ed
Microsoft Office 2010 Service Pack 2 (32-bit ed
Microsoft Word 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2013 Service Pack 1 (64-bit ed
Microsoft Word 2013 Service Pack 1 (32-bit ed
Microsoft Word 2013 RT SP1
Microsoft Word 2010 Service Pack 2 (64-bit ed
Microsoft Word 2010 Service Pack 2 (32-bit ed
Microsoft Office Web Apps 2013 SP1
Microsoft Office Web Apps 2010 SP2
Microsoft SharePoint Enterprise Server 2019
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2010 SP2
Microsoft Office Online Server
Microsoft 365 Apps for Enterprise 64-bit Systems
Microsoft 365 Apps for Enterprise 32-bit Systems

描述：

---

CVE(CAN) ID: CVE-2020-1342

Microsoft Office是美国微软（Microsoft）公司的一款办公软件套件产品。该产品常用组件包括Word、Excel、Access、Powerpoint、FrontPage等。
Microsoft Office中存在信息泄露漏洞，该漏洞源于程序未初始化变量。攻击者可利用该漏洞借助特制的文件获取内存内容（越界读取）。以下产品及版本受到影响：Microsoft 365 Apps for Enterprise、Office 2010 Service Pack 2、Office 2016 for Mac、Office 2019、Office 2019 for Mac、Office Online Server、Office Web Apps 2010 Service Pack 2、SharePoint Enterprise Server 2013 SP1、SharePoint Enterprise Server 2016、SharePoint Server 2010 SP2、SharePoint Server 2019、Word 2010 Service Pack 2、Word 2013 RT SP1、Word 2013 SP1、Word 2016、Word 2016。

<*来源：Oleksandr Mirosh (Micro Focus Fortify)
        Haifei Li（McAfee IPS Security Research Team）
  *>

建议：

---

厂商补丁：

Microsoft
---------
目前厂商已发布升级补丁以修复漏洞，补丁获取链接：

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1346

浏览次数：985
严重程度：0（网友投票）