Vulnerability Description
An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | 365 Apps | - |
| Microsoft | Office | 2019 |
| Microsoft | Outlook | 2010 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/169960/Microsoft-Outlook-2019-16.0.12624.20Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493PatchVendor Advisory
- http://packetstormsecurity.com/files/169960/Microsoft-Outlook-2019-16.0.12624.20Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493PatchVendor Advisory
FAQ
What is CVE-2020-1493?
CVE-2020-1493 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anony...
How severe is CVE-2020-1493?
CVE-2020-1493 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1493?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft 365 Apps, Microsoft Office, Microsoft Outlook.