PT-2020-4380 · Microsoft · Office Click-To-Run
Published: 2020-10-13 · Updated: 2023-12-31 · CVE-2020-16934
CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Microsoft Office Click-to-Run (C2R) (affected versions not specified)
Description:
The vulnerability stems from errors in how the Microsoft Office Click-to-Run (C2R) component handles objects in memory. An attacker can use a specially crafted file to elevate privileges; exploitation requires convincing a user to open that file. The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle certain files.
Recommendations:
To resolve the issue, apply the security update that corrects how Microsoft Office Click-to-Run (C2R) components handle files.
As a temporary workaround until the security update is applied, consider restricting the use of files that could be specially crafted to exploit the vulnerability.
Fix
Improper Privilege Management
Affected Products
Office Click-To-Run