Office ClickToRun
by Microsoft
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47293 | Hig | 0.45 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | ||
| CVE-2021-27058 | 0.01 | — | 0.03 | Mar 11, 2021 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | |||
| CVE-2020-16955 | 0.01 | — | 0.03 | Oct 16, 2020 | An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to… | |||
| CVE-2020-1581 | 0.01 | — | 0.04 | Aug 17, 2020 | An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to… | |||
| CVE-2023-36568 | 0.00 | — | 0.00 | Oct 10, 2023 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | |||
| CVE-2022-22004 | 0.00 | — | 0.02 | Feb 9, 2022 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | |||
| CVE-2019-1449 | 0.00 | — | 0.06 | Nov 12, 2019 | A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this… |
- risk 0.45cvss 7.0epss 0.00
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
- CVE-2021-27058Mar 11, 2021risk 0.01cvss —epss 0.03
Microsoft Office ClickToRun Remote Code Execution Vulnerability
- CVE-2020-16955Oct 16, 2020risk 0.01cvss —epss 0.03
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to…
- CVE-2020-1581Aug 17, 2020risk 0.01cvss —epss 0.04
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to…
- CVE-2023-36568Oct 10, 2023risk 0.00cvss —epss 0.00
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
- CVE-2022-22004Feb 9, 2022risk 0.00cvss —epss 0.02
Microsoft Office ClickToRun Remote Code Execution Vulnerability
- CVE-2019-1449Nov 12, 2019risk 0.00cvss —epss 0.06
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this…