CVE-2020-13580
📋 TL;DR
A heap-based buffer overflow vulnerability in SoftMaker Office 2021's PlanMaker allows attackers to execute arbitrary code by tricking users into opening malicious documents. This affects users of SoftMaker Office 2021 who open untrusted PlanMaker documents. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- SoftMaker Office 2021
- PlanMaker 2021
📦 What is this software?
PlanMaker 2021 by SoftMaker
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with application privileges leading to full system compromise, data theft, or ransomware deployment.
Likely Case
Malicious document execution leading to malware installation, credential theft, or lateral movement within the network.
If Mitigated
The document is blocked by security controls or opened in a sandboxed environment, with minimal impact.
🎯 Exploit Status
Exploitation requires user interaction: the victim must open a malicious document. Technical details and proof-of-concept are publicly available in Talos reports.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: SoftMaker Office 2021 with security update (specific version not specified in references)
Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1191
Restart Required: Yes
Instructions:
1. Open SoftMaker Office 2021.
2. Navigate to Help > Check for Updates.
3. Install all available updates.
4. Restart the application and any open documents.
🔧 Temporary Workarounds
Disable PlanMaker document parsing
Windows: Prevent PlanMaker from opening documents by modifying file associations or using application control policies.
Not applicable - requires GUI configuration or group policy
Use document sandboxing
All platforms: Open untrusted documents in isolated environments or virtual machines.
🧯 If You Can't Patch
- Implement application whitelisting to block PlanMaker execution
- Deploy email/web filtering to block suspicious document attachments
🔍 How to Verify
Check if Vulnerable:
Check the SoftMaker Office version in Help > About. If the version is 2021 without recent security updates, the installation is likely vulnerable.
Check Version:
On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\SoftMaker\Office 2021\Version
Verify Fix Applied:
Verify update installation in Help > About and ensure no security alerts for CVE-2020-13580.
📡 Detection & Monitoring
Log Indicators:
- Unexpected PlanMaker crashes
- Large document file operations from unusual sources
Network Indicators:
- Downloads of PlanMaker documents from untrusted sources
SIEM Query:
Process creation where parent process is PlanMaker and command line contains suspicious document paths
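
The SIEM logic above, sketched as an added example that is not part of the advisory or any vendor tooling: it flags process-creation events whose parent is PlanMaker and raises the severity when the opened document came from an untrusted location. The executable name `PlanMaker.exe`, the install path, the Sysmon-style field names, the path markers and the sample events are all assumptions or constructed data.

```python
import ntpath  # parses Windows paths on any OS

# Assumptions, not from the advisory: executable name, field names, path markers.
PARENT_IMAGE = "planmaker.exe"
UNTRUSTED_MARKERS = ("\\downloads\\", "\\appdata\\local\\temp\\")
PM = r"C:\Program Files\SoftMaker Office 2021\PlanMaker.exe"  # constructed path

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": PM,
     "ParentCommandLine": r'"PlanMaker.exe" "C:\Users\alice\Downloads\q3.pmdx"'},
    {"Image": r"C:\Windows\splwow64.exe", "ParentImage": PM,
     "ParentCommandLine": r'"PlanMaker.exe" "C:\Users\alice\Documents\budget.pmdx"'},
    {"Image": r"C:\Windows\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe"},
    # Basename only resembles PlanMaker; exact matching must not flag it.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\bob\Downloads\NotPlanMaker.exe",
     "ParentCommandLine": "NotPlanMaker.exe"},
]


def is_planmaker(image_path):
    """Exact, case-insensitive basename match avoids substring false positives."""
    return ntpath.basename(image_path or "").lower() == PARENT_IMAGE


def from_untrusted_path(command_line):
    """True when the command line references a file under a marker directory."""
    lowered = (command_line or "").lower()
    return any(marker in lowered for marker in UNTRUSTED_MARKERS)


def detect(events):
    """Return one alert per child process spawned by PlanMaker."""
    alerts = []
    for event in events:
        if not is_planmaker(event.get("ParentImage")):
            continue
        # Any child is worth review; a document from an untrusted path raises it.
        untrusted = from_untrusted_path(event.get("ParentCommandLine"))
        alerts.append({
            "child": ntpath.basename(event.get("Image", "")),
            "severity": "high" if untrusted else "medium",
        })
    return alerts
```

Benign children such as print helpers will appear at medium severity, so tune the markers and add an allowlist against your own baseline before alerting on this.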