Microsoft Office Tampering Vulnerability - CVE-2020-0697ID: oval:org.secpod.oval:def:61281 | Date: (C)2020-02-13 (M)2023-07-13 |
Class: VULNERABILITY | Family: windows |
An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM. To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption. The security update addresses the vulnerability by correcting how the process validates the log file.
Platform: |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 10 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Product: |
Microsoft 365 Apps for Enterprise |