CVE-2020-16928

Опубликовано: 16 окт. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Средний

Описание

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.

To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*

cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*

cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*

EPSS

Процентиль: 93%

0.10901

Средний

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-16928

CVSS3: 7.8

msrc

больше 5 лет назад

Microsoft Office Click-to-Run Elevation of Privilege Vulnerability

GHSA-3p6w-82x2-65rf

CVSS3: 7.8

github

больше 3 лет назад

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955.

BDU:2020-04772

CVSS3: 7.8

fstec

больше 5 лет назад

Уязвимость компонента Click-to-Run (C2R) офисных программ Microsoft Office и Office 365, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 93%

0.10901

Средний

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo