CVE-2020-0697

CWE-269Improper Privilege Management4 documents4 sources
Severity
7.8HIGH
EPSS
0.2%
top 52.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office 365 Proplus
Timeline
PublishedFeb 11
Latest updateMay 24

Description

An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption.The security update addresses the vulnerability by correcting how the process validates the log file., aka 'Microsoft Office Tampering Vulnerabilit

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5microsoft/office_365_proplus32-bit Systems, 64-bit Systems+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-2cgq-hh5m-vc66: An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerabi2022-05-24
CVEList
CVE-2020-0697: An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerabi2020-02-11

📋Vendor Advisories

1
Microsoft
Microsoft Office Elevation of Privilege Vulnerability2020-02-11
CVE-2020-0697 (HIGH CVSS 7.8) | An elevation of privilege vulnerabi | cvebase.io