CVE-2020-1493

CVE Database · CVE-2020-1493

CVE-2020-1493

· MEDIUMModified

CVSS v3.1

5.5

EPSS

7.30%

Published

Aug 17, 2020

Modified

Feb 23, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-922

Affected Products (6)

microsoft · 365_appsvulnerable

microsoft · officevulnerable

microsoft · outlookvulnerable

References (4)

http://packetstormsecurity.com/files/169960/Microsoft-Outlook-2019-16.0.12624.20424-Out-Of-Bounds-Read.html

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493

PatchVendor Advisory

http://packetstormsecurity.com/files/169960/Microsoft-Outlook-2019-16.0.12624.20424-Out-Of-Bounds-Read.html

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs