9.3

CVE-2020-1581

EPSS 9.68%
Veröffentlicht 17.08.2020 19:15:21
Zuletzt bearbeitet 23.02.2026 18:25:42
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Microsoft Office Click-to-Run Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system.
An attacker could exploit this vulnerability by running a specially crafted application on the victim system.
The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise

Microsoft ≫ Office Version2013 SwEditionclick-to-run

Microsoft ≫ Office Version2019 SwPlatform-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.68%	0.926

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1581

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1581

EUVD