Home

CVE-2020-0697

Description

An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption.The security update addresses the vulnerability by correcting how the process validates the log file., aka Microsoft Office Tampering Vulnerability.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.243

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Professional Plus Semi Annual Channel for x64 1908 of version(11929.20606)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Professional Plus Semi Annual Channel for x86 1908 of version(11929.20606)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Business Edition Semi Annual Channel for x64 1908 of version(11929.20606)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Business Edition Semi Annual Channel for x86 1908 of version(11929.20606)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Professional Plus Semi Annual Targeted Channel for x64 1908 of version(11929.20606)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Professional Plus Semi Annual Targeted Channel for x86 1908 of version(11929.20606)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Targeted Channel Version 1908 (Build 11929.20606)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Semi-Annual Channel Version 1908 (Build 11929.20606)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Professional Plus Monthly Channel for x64 2001 of version(12430.20264)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Professional Plus Monthly Channel for x86 2001 of version(12430.20264)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Business Edition Monthly Channel for x64 2001 of version(12430.20264)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Business Edition Monthly Channel for x86 2001 of version(12430.20264)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 365 Monthly Channel Version 2001 (Build 12430.20264)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-28408Update for Office 365 Professional Plus Semi Annual Channel for x64 1908 of version(11929.20606)
PATCH-28410Update for Office 365 Professional Plus Semi Annual Channel for x86 1908 of version(11929.20606)
PATCH-28412Update for Office 365 Business Edition Semi Annual Channel for x64 1908 of version(11929.20606)
PATCH-28414Update for Office 365 Business Edition Semi Annual Channel for x86 1908 of version(11929.20606)
PATCH-28416Update for Office 365 Professional Plus Semi Annual Targeted Channel for x64 1908 of version(11929.20606)
PATCH-28418Update for Office 365 Professional Plus Semi Annual Targeted Channel for x86 1908 of version(11929.20606)
PATCH-28423Update for Office 365 Targeted Channel Version 1908 (Build 11929.20606)
PATCH-28424Update for Office 365 Semi-Annual Channel Version 1908 (Build 11929.20606)
PATCH-28400Update for Office 365 Professional Plus Monthly Channel for x64 2001 of version(12430.20264)
PATCH-28402Update for Office 365 Professional Plus Monthly Channel for x86 2001 of version(12430.20264)
PATCH-28404Update for Office 365 Business Edition Monthly Channel for x64 2001 of version(12430.20264)
PATCH-28406Update for Office 365 Business Edition Monthly Channel for x86 2001 of version(12430.20264)
PATCH-28425Update for Office 365 Monthly Channel Version 2001 (Build 12430.20264)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234