CVE-2020-0697
First published: Tue Feb 11 2020(Updated: )
An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption.The security update addresses the vulnerability by correcting how the process validates the log file., aka 'Microsoft Office Tampering Vulnerability'.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office 365 Proplus |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-0697?
CVE-2020-0697 is an elevation of privilege vulnerability in Microsoft Office OLicenseHeartbeat task.
What is the severity of CVE-2020-0697?
The severity of CVE-2020-0697 is high, with a CVSS score of 7.8.
How does CVE-2020-0697 exploit work?
To exploit CVE-2020-0697, an authenticated attacker needs to place a specially crafted file in a specific location and run the OLicenseHeartbeat task as SYSTEM.
Which software is affected by CVE-2020-0697?
Microsoft Office 365 Proplus is affected by CVE-2020-0697.
How can I find more information about CVE-2020-0697?
You can find more information about CVE-2020-0697 on the Microsoft Security Guidance Advisory page: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0697.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/microsoft
- canonical/microsoft office 365 proplus