CVE-2020-16957
Description
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.
References
PatchVendor Advisory
CvssV3 impact
BaseSeverity | HIGH |
ConfidentialityImpact | HIGH |
AttackComplexity | LOW |
Scope | UNCHANGED |
AttackVector | LOCAL |
AvailabilityImpact | HIGH |
IntegrityImpact | HIGH |
PrivilegesRequired | NONE |
BaseScore | 7.8 |
VectorString | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Version | 3.1 |
UserInteraction | REQUIRED |
CvssV2 impact
AccessComplexity | MEDIUM |
ConfidentialityImpact | COMPLETE |
AvailabilityImpact | COMPLETE |
IntegrityImpact | COMPLETE |
BaseScore | 9.300000190734863 |
VectorString | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Version | 2.0 |
AccessVector | NETWORK |
Authentication | NONE |