CVE-2020-16949

medium Microsoft
CVSS v3 Base Score
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
7.5%
Exploitation probability in 30 days
Top 8% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: October 16, 2020 (2036 days ago)
Last Modified: February 23, 2026
Vendor: Microsoft

Description

<p>A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.</p> <p>Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.</p>

CWE

CWE-401

Affected Products

microsoft windows 10microsoft windows 7microsoft windows 8.1microsoft windows rt 8.1microsoft windows server 2008microsoft windows server 2012microsoft windows server 2016microsoft windows server 2019microsoft 365 appsmicrosoft office

References

🔗 portal.msrc.microsoft.com 🔗 portal.msrc.microsoft.com