Main Vulnerability Database Vulnerabilities #VU25203

#VU25203 Security Features in Microsoft Office and Microsoft Outlook - CVE-2020-0696

Published: February 11, 2020

Vulnerability identifier: #VU25203

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-0696

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Office
Microsoft Outlook

Software vendor:
Microsoft

Description

This vulnerability allows a local attacker to bypass security rescritions feature.

The vulnerability exists due to the Microsoft Outlook software improperly handles the parsing of URI formats. A remote attacker can trick a victim to open a specially crafted URI and execute target application.

The security feature bypass by itself does not allow arbitrary code execution. However, to successfully exploit the vulnerability, an attacker would have to use it in conjunction with another vulnerability, such as a remote code execution vulnerability.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0696

#VU25203 Security Features in Microsoft Office and Microsoft Outlook - CVE-2020-0696

Description

Remediation

External links

Please verify you're human