CVE-2020-1581

Published: Aug 17, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory.

Vendor	Product	Versions
Microsoft	Microsoft Office 2013 Click-to-Run (C2R)	affected `15.0.0.0 - < 15.0.5571.1000`
Microsoft	Microsoft Office 2019	affected `19.0.0 - < https://aka.ms/OfficeSecurityReleases`
Microsoft	Microsoft 365 Apps for Enterprise	affected `16.0.1 - < https://aka.ms/OfficeSecurityReleases`

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1581

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-1581

Description

Affected Products

References