CVE-2020-1581

EPSS 9.68%
Veröffentlicht 17.08.2020 19:15:21
Zuletzt bearbeitet 21.11.2024 05:10:53
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system.
An attacker could exploit this vulnerability by running a specially crafted application on the victim system.
The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise

Microsoft ≫ Office Version2013 SwEditionclick-to-run

Microsoft ≫ Office Version2019 SwPlatform-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.68%	0.926

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1581

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1581

EUVD