Unrated severityNVD Advisory· Published Oct 16, 2020· Updated Nov 15, 2024

Microsoft Office Click-to-Run Elevation of Privilege Vulnerability

CVE-2020-16955

Description

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.

Affected products

Microsoft/365 Appsv5
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
Range: 16.0.1
Microsoft/Officev52 versions
cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:x86:*+ 1 more
- cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:x86:*range: 15.0.0.0
- cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*range: 19.0.0
Microsoft/Office Click-To-Runllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000