Microsoft Office 365 Apps for Enterprise fino 2019 Access Connectivity Engine Remote Code Execution

voceeditHistoryDiffjsonxmlCTI

Un punto critico di livello critico è stato rilevato in Microsoft Office 2010 SP2 fino 2019 (Office Suite Software). Da questa vulnerabilità è interessato una funzione sconosciuta del componente Access Connectivity Engine. Applicando a patch è possibile eliminare il problema. Una possibile soluzione è stata pubblicata immediatamente dopo la pubblicazione della vulnerabilità.

Campo11/11/2020 09:5305/12/2020 01:3305/12/2020 01:36
cvss3_vuldb_sUUU
cvss3_vendor_iHHH
cvss3_vuldb_rlOOO
typeSecurity GuidanceSecurity GuidanceSecurity Guidance
cvss3_vuldb_eUUU
vendorMicrosoftMicrosoftMicrosoft
cvss3_vendor_rcCCC
date1604995200 (10/11/2020)1604995200 (10/11/2020)1604995200 (10/11/2020)
cvss3_vendor_cHHH
urlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17062https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17062https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17062
date1604995200 (10/11/2020)1604995200 (10/11/2020)1604995200 (10/11/2020)
cvss3_vuldb_uiRRR
cvss3_vuldb_prNNN
namePatchPatchPatch
locationWebsiteWebsiteWebsite
cvss3_vuldb_acLLL
cvss3_vendor_acLLL
cvss3_vendor_prNNN
cvss3_vendor_sUUU
cvss3_vendor_uiRRR
cvss3_vendor_rlOOO
disputed000
cvss3_vendor_aHHH
cvss3_vendor_eUUU
cvss2_vuldb_rcCCC
cveCVE-2020-17062CVE-2020-17062CVE-2020-17062
falsepositive000
cvss3_vuldb_rcCCC
cvss3_vendor_avLLL
version2010 SP2/2013 SP1/2013 RT SP1/2016/2019/365 Apps for Enterprise2010 SP2/2013 SP1/2013 RT SP1/2016/2019/365 Apps for Enterprise2010 SP2/2013 SP1/2013 RT SP1/2016/2019/365 Apps for Enterprise
componentAccess Connectivity EngineAccess Connectivity EngineAccess Connectivity Engine
nameOfficeOfficeOffice
cvss3_vuldb_avNNN
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
typeOffice Suite SoftwareOffice Suite SoftwareOffice Suite Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_eUUU
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_basescore7.57.57.5
cvss2_vuldb_tempscore5.55.55.5
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore5.55.55.5
cvss3_meta_basescore7.07.07.3
cvss3_meta_tempscore6.16.16.4
price_0day$5k-$25k$5k-$25k$5k-$25k
cve_assigned15964920001596492000
cve_nvd_summaryMicrosoft Office Access Connectivity Engine Remote Code Execution VulnerabilityMicrosoft Office Access Connectivity Engine Remote Code Execution Vulnerability
cvss3_vendor_basescore7.87.8
cvss3_nvd_avL
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acM
cvss2_nvd_auN
cvss2_nvd_ciC
cvss2_nvd_iiC
cvss2_nvd_aiC
cvss2_nvd_basescore9.3
cvss3_nvd_basescore7.8

Interested in the pricing of exploits?

See the underground prices here!