Security Features in Microsoft Office and Microsoft Outlook - CVE-2020-0696
Published: February 11, 2020
Vulnerability identifier: #VU25203
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0696
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Office
Microsoft Outlook
Microsoft Office
Microsoft Outlook
Detailed vulnerability description
This vulnerability allows a local attacker to bypass security rescritions feature.
The vulnerability exists due to the Microsoft Outlook software improperly handles the parsing of URI formats. A remote attacker can trick a victim to open a specially crafted URI and execute target application.
The security feature bypass by itself does not allow arbitrary code execution. However, to successfully exploit the vulnerability, an attacker would have to use it in conjunction with another vulnerability, such as a remote code execution vulnerability.
How to mitigate CVE-2020-0696
Install updates from vendor's website.