CVE-2020-16934

Summary

<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.</p> <p>To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.</p>

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Office 2013 Click-to-Run (C2R)15.0.0.0 < 15.0.5571.1000affected
MicrosoftMicrosoft Office 201919.0.0 < https://aka.ms/OfficeSecurityReleasesaffected
MicrosoftMicrosoft 365 Apps for Enterprise16.0.1 < https://aka.ms/OfficeSecurityReleasesaffected

Weaknesses

  • Elevation of Privilege

ADP Enrichment

CVE Program Container

Additional References

References