vulnerability

Microsoft Office: CVE-2020-0697: Microsoft Office Elevation of Privilege Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Feb 11, 2020	Aug 13, 2020	Sep 12, 2023

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Feb 11, 2020

Added

Aug 13, 2020

Modified

Sep 12, 2023

Description

An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption.The security update addresses the vulnerability by correcting how the process validates the log file., aka 'Microsoft Office Tampering Vulnerability'.

Solution

office-click-to-run-upgrade-latest

References

CVE-2020-0697
https://attackerkb.com/topics/CVE-2020-0697

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today