Site icon API Security Blog

Security Updates for Microsoft Excel Products C2R (December 2020)

The Microsoft Excel Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities:

– A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129)

– An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2020-17126)

– A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2020-17130)Read More

Exit mobile version