31 matches found
CVE-2020-16934
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a...
CVE-2020-16928
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a...
PT-2020-4380 · Microsoft · Office Click-To-Run
Name of the Vulnerable Software and Affected Versions: Microsoft Office Click-to-Run C2R affected versions not specified Description: The issue is related to errors in handling objects in memory within the Microsoft Office Click-to-Run C2R component. It allows an attacker to elevate their...
PT-2020-4318 · Microsoft · Office Click-To-Run
Name of the Vulnerable Software and Affected Versions: Microsoft Office Click-to-Run C2R affected versions not specified Description: The issue is related to the handling of certain files by Microsoft Office Click-to-Run C2R AppVLP, which can lead to an elevation of privilege. An attacker would...
CVE-2020-1581
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the syste...
CVE-2019-1449
A security feature bypass vulnerability exists in the way that Office Click-to-Run C2R components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would...
CVE-2019-1449
A security feature bypass vulnerability exists in the way that Office Click-to-Run C2R components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would...
Security feature bypass
A security feature bypass vulnerability exists in the way that Office Click-to-Run C2R components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would...
CVE-2019-1449
A security feature bypass vulnerability exists in the way that Office Click-to-Run C2R components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would...
CVE-2019-1449
CVE-2019-1449 describes a security feature bypass in Office Click-to-Run (C2R) where specially crafted files can escalate from a standard user to SYSTEM within LPAC Protected View. Affected is the Office C2R handling component; exploitation requires user to open a crafted file. The CVSSv3.1 base ...
CVE-2016-0137
The Click-to-Run C2R implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."...