CVE-2020-16929
Summary
| CVE | CVE-2020-16929 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-16 23:15:00 UTC |
| Updated | 2023-12-31 20:15:00 UTC |
| Description | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16930, CVE-2020-16931, CVE-2020-16932. |
Risk And Classification
Problem Types: CWE-416
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | 365 Apps | - | All | All | All |
| Application | Microsoft | 365 Apps | - | All | All | All |
| Application | Microsoft | Excel | 2010 | sp2 | All | All |
| Application | Microsoft | Excel | 2013 | sp1 | All | All |
| Application | Microsoft | Excel | 2013 | sp1 | All | All |
| Application | Microsoft | Excel | 2016 | All | All | All |
| Application | Microsoft | Excel | 2010 | sp2 | All | All |
| Application | Microsoft | Excel | 2013 | sp1 | All | All |
| Application | Microsoft | Excel | 2013 | sp1 | All | All |
| Application | Microsoft | Excel | 2016 | All | All | All |
| Application | Microsoft | Excel Web App | 2010 | sp2 | All | All |
| Application | Microsoft | Excel Web App | 2010 | sp2 | All | All |
| Application | Microsoft | Office | 2010 | sp2 | All | All |
| Application | Microsoft | Office | 2013 | sp1 | All | All |
| Application | Microsoft | Office | 2013 | sp1 | All | All |
| Application | Microsoft | Office | 2016 | All | All | All |
| Application | Microsoft | Office | 2016 | All | All | All |
| Application | Microsoft | Office | 2019 | All | All | All |
| Application | Microsoft | Office | 2019 | All | All | All |
| Application | Microsoft | Office | 2010 | sp2 | All | All |
| Application | Microsoft | Office | 2013 | sp1 | All | All |
| Application | Microsoft | Office | 2013 | sp1 | All | All |
| Application | Microsoft | Office | 2016 | All | All | All |
| Application | Microsoft | Office | 2016 | All | All | All |
| Application | Microsoft | Office | 2019 | All | All | All |
| Application | Microsoft | Office | 2019 | All | All | All |
| Application | Microsoft | Office Online Server | 1.0 | All | All | All |
| Application | Microsoft | Office Online Server | 1.0 | All | All | All |
| Application | Microsoft | Office Web Apps | 2010 | sp2 | All | All |
| Application | Microsoft | Office Web Apps | 2013 | sp1 | All | All |
| Application | Microsoft | Office Web Apps | 2010 | sp2 | All | All |
| Application | Microsoft | Office Web Apps | 2013 | sp1 | All | All |
| Application | Microsoft | Sharepoint Enterprise Server | 2013 | sp1 | All | All |
| Application | Microsoft | Sharepoint Enterprise Server | 2013 | sp1 | All | All |
| Application | Microsoft | Sharepoint Server | 2010 | sp2 | All | All |
| Application | Microsoft | Sharepoint Server | 2010 | sp2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ZDI-20-1251 | Zero Day Initiative | MISC | www.zerodayinitiative.com | Third Party Advisory |
| portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16929 | MISC | portal.msrc.microsoft.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.