Microsoft Office Click-to-Run Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory.

N/A

N/A

Microsoft Office Click-to-Run 安全漏洞

Microsoft Office是美国微软（Microsoft）公司的一款办公软件套件产品。该产品常用组件包括Word、Excel、Access、Powerpoint、FrontPage等。 Microsoft Office Click-to-Run (C2R)组件中处理内存对象的方法存在提权漏洞。攻击者可借助特制请求利用该漏洞提升权限。以下产品及版本受到影响：Microsoft Office 2013 Click-to-Run(C2R)，365 Apps for Enterprise，Office 20

N/A

N/A