mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
65 lines
2.4 KiB
JSON
65 lines
2.4 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "secure@microsoft.com",
|
|
"ID": "CVE-2020-0697",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Office 365 ProPlus",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "32-bit Systems"
|
|
},
|
|
{
|
|
"version_value": "64-bit Systems"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Microsoft"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption.The security update addresses the vulnerability by correcting how the process validates the log file., aka 'Microsoft Office Tampering Vulnerability'."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Tampering"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0697",
|
|
"refsource": "MISC",
|
|
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0697"
|
|
}
|
|
]
|
|
}
|
|
} |