CVE-2020-1581

EPSS 9.68%
Published 17.08.2020 19:15:21
Last modified 21.11.2024 05:10:53
Source secure@microsoft.com
Teams watchlist Login
Open Login

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system.
An attacker could exploit this vulnerability by running a specially crafted application on the victim system.
The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise

Microsoft ≫ Office Version2013 SwEditionclick-to-run

Microsoft ≫ Office Version2019 SwPlatform-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	9.68%	0.926

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1581

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1581

EUVD