CVE-2020-16955

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.

Published: Oct 17, 2020
Updated: May 4, 2025
CVE: CVE-2020-16955
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / office	2019	2019.x
microsoft / office	2013	2013.x

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16955

Vulnerability Database

CVE-2020-16955