SecuritySpace - CVE-2020-16955

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2020-16955

Description:
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.

To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2020-16955
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955

CVE ID:	CVE-2020-16955
Description:	An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2020-16955 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955