Lucene search
+L

31 matches found

OSV
OSV
added 2020/10/16 11:15 p.m.6 views

CVE-2020-16934

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a...

7CVSS5.8AI score0.02678EPSS
Exploits0References1
NVD
NVD
added 2020/10/16 11:15 p.m.26 views

CVE-2020-16928

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a...

7.8CVSS0.03411EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/10/13 12:0 a.m.4 views

PT-2020-4380 · Microsoft · Office Click-To-Run

Name of the Vulnerable Software and Affected Versions: Microsoft Office Click-to-Run C2R affected versions not specified Description: The issue is related to errors in handling objects in memory within the Microsoft Office Click-to-Run C2R component. It allows an attacker to elevate their...

7.8CVSS6.6AI score0.02678EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/10/13 12:0 a.m.4 views

PT-2020-4318 · Microsoft · Office Click-To-Run

Name of the Vulnerable Software and Affected Versions: Microsoft Office Click-to-Run C2R affected versions not specified Description: The issue is related to the handling of certain files by Microsoft Office Click-to-Run C2R AppVLP, which can lead to an elevation of privilege. An attacker would...

7.8CVSS7.5AI score0.03482EPSS
Exploits0References3
OSV
OSV
added 2020/08/17 7:15 p.m.3 views

CVE-2020-1581

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the syste...

7.8CVSS7.3AI score0.03717EPSS
Exploits0References1
OSV
OSV
added 2019/11/12 7:15 p.m.4 views

CVE-2019-1449

A security feature bypass vulnerability exists in the way that Office Click-to-Run C2R components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would...

9.8CVSS7.3AI score0.06363EPSS
Exploits0References1
NVD
NVD
added 2019/11/12 7:15 p.m.27 views

CVE-2019-1449

A security feature bypass vulnerability exists in the way that Office Click-to-Run C2R components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would...

10CVSS9.5AI score0.06363EPSS
Exploits0References1
Prion
Prion
added 2019/11/12 7:15 p.m.21 views

Security feature bypass

A security feature bypass vulnerability exists in the way that Office Click-to-Run C2R components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would...

10CVSS9.3AI score0.06363EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/12 6:53 p.m.34 views

CVE-2019-1449

A security feature bypass vulnerability exists in the way that Office Click-to-Run C2R components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would...

9.5AI score0.06363EPSS
Exploits0References1
CVE
CVE
added 2019/11/12 6:53 p.m.97 views

CVE-2019-1449

CVE-2019-1449 describes a security feature bypass in Office Click-to-Run (C2R) where specially crafted files can escalate from a standard user to SYSTEM within LPAC Protected View. Affected is the Office C2R handling component; exploitation requires user to open a crafted file. The CVSSv3.1 base ...

10CVSS9.3AI score0.06363EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2016/09/14 10:59 a.m.2 views

CVE-2016-0137

The Click-to-Run C2R implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."...

3.3CVSS5.8AI score0.06771EPSS
Exploits0References3
Rows per page
Query Builder