CVE-2020-1458: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2020-1458) exists in Microsoft Office due to improper validation of input before loading dynamic link library (DLL) files. This vulnerability was disclosed and assigned on November 4, 2019, and was publicly released on July 14, 2020. The vulnerability affects Microsoft 365 Apps Enterprise and related Microsoft Office products (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 9.3 (HIGH) with vector (AV:N/AC:M/Au:N/C:C/I:C/A:C). The vulnerability is classified as CWE-426 (Untrusted Search Path) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code with the privileges of the current user. Given the high confidentiality, integrity, and availability ratings in both CVSS v2 and v3.1 scores, successful exploitation could result in complete compromise of the affected system (NVD).

Microsoft has released security patches to address this vulnerability. Users are advised to apply the security updates provided through Microsoft's security advisory (Microsoft Advisory).