CVE-2020-1502 – This is an information disclosure vulnerability... (How to Fix)

Q: What is the severity of CVE-2020-1502?

CVE-2020-1502 has a CVSS score of 5.5 (MEDIUM). This is an information disclosure vulnerability in Microsoft Word where specially crafted documents can leak memory contents when opened. Attackers could potentially use leaked information to further compromise systems. All users running vulnerable versions of Microsoft Word are affected.

📋 TL;DR

This is an information disclosure vulnerability in Microsoft Word where specially crafted documents can leak memory contents when opened. Attackers could potentially use leaked information to further compromise systems. All users running vulnerable versions of Microsoft Word are affected.

💻 Affected Systems

Products:

Microsoft Word
Microsoft Office

Versions: Microsoft Office 2019, Microsoft Office 2016, Microsoft Office 2013, Microsoft Office 2010 (specific versions per Microsoft advisory)

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects both 32-bit and 64-bit versions. Requires user to open malicious document.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Memory contents disclosure could reveal sensitive data, credentials, or system information that enables full system compromise.

🟠

Likely Case

Limited information disclosure from Word's memory space, potentially revealing document fragments or system information.

🟢

If Mitigated

No impact if patched or if users don't open untrusted documents.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious document.

🏢 Internal Only: MEDIUM - Internal phishing campaigns could exploit this if users open malicious attachments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires attacker to know specific memory address locations and convince user to open malicious document.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security updates released in August 2020 (specific KB numbers vary by Office version)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1502

Restart Required: Yes

Instructions:

1. Open Microsoft Office application. 2. Go to File > Account > Update Options > Update Now. 3. Install available updates. 4. Restart computer if prompted.

🔧 Temporary Workarounds

Block Office documents from untrusted sources

windows

Configure Group Policy or security software to block Word documents from untrusted sources

Use Protected View

windows

Ensure Protected View is enabled for documents from the internet

🧯 If You Can't Patch

Implement application whitelisting to restrict which documents can be opened
Train users to never open documents from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Office version against Microsoft's security update list for August 2020

Check Version:

In Word: File > Account > About Word (shows version)

Verify Fix Applied:

Verify Office version is updated to post-August 2020 security updates

📡 Detection & Monitoring

Log Indicators:

Multiple Word crashes from same document
Unusual document opening patterns

Network Indicators:

Downloads of suspicious Office documents

SIEM Query:

Office process memory access anomalies or document opening from untrusted sources

📊 Metadata

CVE ID: CVE-2020-1502

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Published: August 17, 2020

Last Updated: February 23, 2026

🔗 References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1502 Patch,Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1502 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON