CVE-2020-16957 - A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine

CVE-2020-16957

Summary

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Microsoft Office Access Connectivity Engine handles objects in memory.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16957

Vulnerable Configurations

cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*
cpe:2.3:a:microsoft:365_apps:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:365_apps:-:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 31-12-2023 - 20:15)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16957

Last major update

31-12-2023 - 20:15

Published

16-10-2020 - 23:15

Last modified

31-12-2023 - 20:15