CVE-2020-0906: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2020-0906) was discovered in Microsoft Excel software, disclosed on April 14, 2020. The vulnerability affects multiple versions of Microsoft Excel and Office, including Excel 2010 SP2, 2013 SP1, 2016, and Office 2019, when the software fails to properly handle objects in memory (NVD).

The vulnerability received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v2.0 score of 9.3 (HIGH). The vulnerability requires user interaction for successful exploitation, as indicated by the UI:R component in the CVSS vector (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. If the current user has administrative privileges, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights (Microsoft Support).

Microsoft released security updates to address this vulnerability as part of their April 2020 security updates. Users are advised to install security update 4484266 for affected versions of Office 2010, with separate updates available for both 32-bit and 64-bit versions (Microsoft Support).