VYPR

Office ClickToRun

by Microsoft

CVEs (7)

  • CVE-2026-47293HigJun 9, 2026
    risk 0.45cvss 7.0epss 0.00

    Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

  • CVE-2021-27058Mar 11, 2021
    risk 0.01cvss epss 0.03

    Microsoft Office ClickToRun Remote Code Execution Vulnerability

  • CVE-2020-16955Oct 16, 2020
    risk 0.01cvss epss 0.03

    An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to…

  • CVE-2020-1581Aug 17, 2020
    risk 0.01cvss epss 0.04

    An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to…

  • CVE-2023-36568Oct 10, 2023
    risk 0.00cvss epss 0.00

    Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

  • CVE-2022-22004Feb 9, 2022
    risk 0.00cvss epss 0.02

    Microsoft Office ClickToRun Remote Code Execution Vulnerability

  • CVE-2019-1449Nov 12, 2019
    risk 0.00cvss epss 0.06

    A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this…