CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-16934

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.028

EPSS Ranking 85.6%

CVSS Severity

CVSS v3 Score 7.0

CVSS v2 Score 6.8

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934

Products affected by CVE-2020-16934

Microsoft » 365 Apps » Version: N/A

cpe:2.3:a:microsoft:365_apps:-
Microsoft » Office » Version: 2019

cpe:2.3:a:microsoft:office:2019
Microsoft » Office 2013 Click-To-Run » Version: N/A

cpe:2.3:a:microsoft:office_2013_click-to-run:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-16934

Products

Pricing

Contact Us