Office Click-To-Run

CVEs (5)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-40420	Microsoft Office Click-To-Run	Hig	0.57	8.8	0.00	May 12, 2026	Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-35436	Microsoft Office Click-To-Run	Hig	0.57	8.8	0.00	May 12, 2026	Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-40418	Microsoft Office Click-To-Run	Hig	0.51	7.8	0.00	May 12, 2026	Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2020-16955	Microsoft Office		0.01	—	0.11	Oct 16, 2020	An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to…
CVE-2023-36568	Microsoft Office		0.00	—	0.00	Oct 10, 2023	Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

CVE-2026-40420HigMay 12, 2026
Microsoft
Office Click-To-Run
risk 0.57cvss 8.8epss 0.00
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-35436HigMay 12, 2026
Microsoft
Office Click-To-Run
risk 0.57cvss 8.8epss 0.00
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-40418HigMay 12, 2026
Microsoft
Office Click-To-Run
risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2020-16955Oct 16, 2020
Microsoft
Office
risk 0.01cvss —epss 0.11
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to…
CVE-2023-36568Oct 10, 2023
Microsoft
Office
risk 0.00cvss —epss 0.00
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability