| Vulnerability Name: | CVE-2020-0697 (CCN-175253) | ||||||||||||
| Assigned: | 2019-11-04 | ||||||||||||
| Published: | 2020-02-11 | ||||||||||||
| Updated: | 2021-07-21 | ||||||||||||
| Summary: | An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption.The security update addresses the vulnerability by correcting how the process validates the log file., aka 'Microsoft Office Tampering Vulnerability'. | ||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-269 | ||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-0697 Source: XF Type: UNKNOWN ms-office-cve20200697-priv-esc(175253) Source: CCN Type: Microsoft Security TechCenter - February 2020 Microsoft Office Tampering Vulnerability Source: MISC Type: Patch, Vendor Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0697 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||