Skip to main content

Office 365 Proplus CVE-2020-0697

HIGH
2020-02-11 secure@microsoft.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 11, 2020 - 22:15 nvd
HIGH 7.8

DescriptionNVD

An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption.The security update addresses the vulnerability by correcting how the process validates the log file., aka 'Microsoft Office Tampering Vulnerability'.

AnalysisAI

An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Technical ContextAI

An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption.The security update addresses the vulnerability by correcting how the process validates the log file., aka 'Microsoft Office Tampering Vulnerability'. Affected products include: Microsoft Office 365 Proplus.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-0541 HIGH POC
8.8 Jan 08

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML E

CVE-2019-1449 CRITICAL
9.8 Nov 12

A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially c

CVE-2019-1205 CRITICAL
9.8 Aug 14

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memo

CVE-2020-0979 HIGH
8.8 Apr 15

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

CVE-2020-0906 HIGH
8.8 Apr 15

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

CVE-2020-0760 HIGH
8.8 Apr 15

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Micro

CVE-2020-0850 HIGH
8.8 Mar 12

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memo

CVE-2020-0759 HIGH
8.8 Feb 11

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

CVE-2019-1331 HIGH
8.8 Oct 10

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

CVE-2019-1327 HIGH
8.8 Oct 10

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

CVE-2019-1297 HIGH
8.8 Sep 11

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

CVE-2019-1111 HIGH
8.8 Jul 15

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje

Share

CVE-2020-0697 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy