CVE-2020-1581 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2020-1581

Modified

More Info Official Page

Source-secure@microsoft.com

Published At-17 Aug, 2020 | 19:15

Updated At-19 Jan, 2024 | 00:15

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 9.3

Base severity: HIGH

Vector:

AV:N/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

Microsoft Corporation

cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*

Microsoft Corporation

>>office>>2013

cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*

Microsoft Corporation

>>office>>2019

cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1581	secure@microsoft.com	Patch Vendor Advisory

Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1581

Source: secure@microsoft.com

Resource:

Patch

Vendor Advisory