cvelistv5 - cve-2020-0984

CVE-2020-0984 (GCVE-0-2020-0984)

Vulnerability from cvelistv5 – Published: 2020-04-15 15:13 – Updated: 2024-08-04 06:18

Summary

An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka 'Microsoft (MAU) Office Elevation of Privilege Vulnerability'.

Severity ?

No CVSS data available.

CWE

Elevation of Privilege

Assigner

microsoft

References

URL

Tags

https://portal.msrc.microsoft.com/en-US/security-…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Microsoft	Microsoft AutoUpdate for Mac	Affected: unspecified

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:18:03.629Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft AutoUpdate for Mac",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \u0027Microsoft (MAU) Office Elevation of Privilege Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T15:13:14",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-0984",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft AutoUpdate for Mac",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \u0027Microsoft (MAU) Office Elevation of Privilege Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-0984",
    "datePublished": "2020-04-15T15:13:15",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:18:03.629Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:autoupdate:-:*:*:*:*:macos:*:*\", \"matchCriteriaId\": \"B422B571-566F-495D-A7F8-C85F6781594C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \u0027Microsoft (MAU) Office Elevation of Privilege Vulnerability\u0027.\"}, {\"lang\": \"es\", \"value\": \"Hay una vulnerabilidad de elevaci\\u00f3n de privilegios cuando la aplicaci\\u00f3n Microsoft AutoUpdate (MAU) para Mac comprueba apropiadamente las actualizaciones antes de ejecutarlas, tambi\\u00e9n se conoce como \\\"Microsoft (MAU) Office Elevation of Privilege Vulnerability\\\".\"}]",
      "id": "CVE-2020-0984",
      "lastModified": "2024-11-21T04:54:35.690",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-04-15T15:15:18.997",
      "references": "[{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-0984\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2020-04-15T15:15:18.997\",\"lastModified\":\"2024-11-21T04:54:35.690\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \u0027Microsoft (MAU) Office Elevation of Privilege Vulnerability\u0027.\"},{\"lang\":\"es\",\"value\":\"Hay una vulnerabilidad de elevaci\u00f3n de privilegios cuando la aplicaci\u00f3n Microsoft AutoUpdate (MAU) para Mac comprueba apropiadamente las actualizaciones antes de ejecutarlas, tambi\u00e9n se conoce como \\\"Microsoft (MAU) Office Elevation of Privilege Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:autoupdate:-:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"B422B571-566F-495D-A7F8-C85F6781594C\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-225

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, une élévation de privilèges, une atteinte à la confidentialité des données, un contournement de la fonctionnalité de sécurité et une usurpation d'identité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Dynamics NAV 2018
Microsoft	N/A	ChakraCore
Microsoft	N/A	Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft	N/A	Microsoft Research JavaScript Cryptography Library V1.4
Microsoft	N/A	Microsoft Visio 2010 Service Pack 2 (éditions 64 bits)
Microsoft	N/A	Microsoft Visio 2013 Service Pack 1 (éditions 32 bits)
Microsoft	N/A	Microsoft Dynamics NAV 2017
Microsoft	N/A	Microsoft Dynamics NAV 2015
Microsoft	N/A	Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft	N/A	Microsoft System Center 2012 R2 Endpoint Protection
Microsoft	N/A	Microsoft Dynamics NAV 2013
Microsoft	N/A	Dynamics 365 Server, version 9.0 (on-premises)
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft	N/A	Microsoft System Center Endpoint Protection
Microsoft	N/A	Microsoft Visio 2016 (édition 64 bits)
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.0
Microsoft	N/A	Microsoft Security Essentials
Microsoft	N/A	Microsoft RMS Sharing pour Mac
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft	N/A	Microsoft Visio 2016 (édition 32 bits)
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Dynamics 365 BC On Premise
Microsoft	N/A	Microsoft Dynamics NAV 2016
Microsoft	N/A	Microsoft AutoUpdate pour Mac
Microsoft	N/A	Microsoft Your Phone Companion App pour Android
Microsoft	N/A	Microsoft Visio 2010 Service Pack 2 (éditions 32 bits)
Microsoft	N/A	Microsoft Visio 2013 Service Pack 1 (éditions 64 bits)
Microsoft	N/A	Microsoft Remote Desktop pour Mac
Microsoft	N/A	Microsoft Forefront Endpoint Protection 2010
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.5
Microsoft	N/A	Dynamics 365 Business Central 2019 Spring Update
Microsoft	N/A	Microsoft System Center 2012 Endpoint Protection

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 avril 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Dynamics NAV 2018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Research JavaScript Cryptography Library V1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2015",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Business Productivity Servers 2010 Service Pack 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center 2012 R2 Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2013",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Server, version 9.0 (on-premises)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Security Essentials",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft RMS Sharing pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 BC On Premise",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft AutoUpdate pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Your Phone Companion App pour Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Remote Desktop pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Endpoint Protection 2010",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Business Central 2019 Spring Update",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center 2012 Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0899"
    },
    {
      "name": "CVE-2020-0984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0984"
    },
    {
      "name": "CVE-2020-0931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0931"
    },
    {
      "name": "CVE-2020-0760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0760"
    },
    {
      "name": "CVE-2020-1026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1026"
    },
    {
      "name": "CVE-2020-1018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1018"
    },
    {
      "name": "CVE-2020-0969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0969"
    },
    {
      "name": "CVE-2020-1002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1002"
    },
    {
      "name": "CVE-2020-1019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1019"
    },
    {
      "name": "CVE-2020-1022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1022"
    },
    {
      "name": "CVE-2020-1049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1049"
    },
    {
      "name": "CVE-2020-1050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1050"
    },
    {
      "name": "CVE-2020-0919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0919"
    },
    {
      "name": "CVE-2020-0970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0970"
    },
    {
      "name": "CVE-2020-0900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0900"
    },
    {
      "name": "CVE-2020-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0943"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-225",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation\nde privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9 et une usurpation\nd\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 avril 2020",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2020-AVI-225

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Dynamics NAV 2018
Microsoft	N/A	ChakraCore
Microsoft	N/A	Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft	N/A	Microsoft Research JavaScript Cryptography Library V1.4
Microsoft	N/A	Microsoft Visio 2010 Service Pack 2 (éditions 64 bits)
Microsoft	N/A	Microsoft Visio 2013 Service Pack 1 (éditions 32 bits)
Microsoft	N/A	Microsoft Dynamics NAV 2017
Microsoft	N/A	Microsoft Dynamics NAV 2015
Microsoft	N/A	Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft	N/A	Microsoft System Center 2012 R2 Endpoint Protection
Microsoft	N/A	Microsoft Dynamics NAV 2013
Microsoft	N/A	Dynamics 365 Server, version 9.0 (on-premises)
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft	N/A	Microsoft System Center Endpoint Protection
Microsoft	N/A	Microsoft Visio 2016 (édition 64 bits)
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.0
Microsoft	N/A	Microsoft Security Essentials
Microsoft	N/A	Microsoft RMS Sharing pour Mac
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft	N/A	Microsoft Visio 2016 (édition 32 bits)
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Dynamics 365 BC On Premise
Microsoft	N/A	Microsoft Dynamics NAV 2016
Microsoft	N/A	Microsoft AutoUpdate pour Mac
Microsoft	N/A	Microsoft Your Phone Companion App pour Android
Microsoft	N/A	Microsoft Visio 2010 Service Pack 2 (éditions 32 bits)
Microsoft	N/A	Microsoft Visio 2013 Service Pack 1 (éditions 64 bits)
Microsoft	N/A	Microsoft Remote Desktop pour Mac
Microsoft	N/A	Microsoft Forefront Endpoint Protection 2010
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.5
Microsoft	N/A	Dynamics 365 Business Central 2019 Spring Update
Microsoft	N/A	Microsoft System Center 2012 Endpoint Protection

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 avril 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Dynamics NAV 2018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Research JavaScript Cryptography Library V1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2015",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Business Productivity Servers 2010 Service Pack 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center 2012 R2 Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2013",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Server, version 9.0 (on-premises)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Security Essentials",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft RMS Sharing pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 BC On Premise",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft AutoUpdate pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Your Phone Companion App pour Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Remote Desktop pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Endpoint Protection 2010",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Business Central 2019 Spring Update",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center 2012 Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0899"
    },
    {
      "name": "CVE-2020-0984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0984"
    },
    {
      "name": "CVE-2020-0931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0931"
    },
    {
      "name": "CVE-2020-0760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0760"
    },
    {
      "name": "CVE-2020-1026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1026"
    },
    {
      "name": "CVE-2020-1018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1018"
    },
    {
      "name": "CVE-2020-0969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0969"
    },
    {
      "name": "CVE-2020-1002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1002"
    },
    {
      "name": "CVE-2020-1019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1019"
    },
    {
      "name": "CVE-2020-1022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1022"
    },
    {
      "name": "CVE-2020-1049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1049"
    },
    {
      "name": "CVE-2020-1050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1050"
    },
    {
      "name": "CVE-2020-0919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0919"
    },
    {
      "name": "CVE-2020-0970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0970"
    },
    {
      "name": "CVE-2020-0900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0900"
    },
    {
      "name": "CVE-2020-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0943"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-225",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation\nde privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9 et une usurpation\nd\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 avril 2020",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GSD-2020-0984

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-0984

Aliases

CVE-2020-0984

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-0984",
    "description": "An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \u0027Microsoft (MAU) Office Elevation of Privilege Vulnerability\u0027.",
    "id": "GSD-2020-0984"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-0984"
      ],
      "details": "An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \u0027Microsoft (MAU) Office Elevation of Privilege Vulnerability\u0027.",
      "id": "GSD-2020-0984",
      "modified": "2023-12-13T01:21:44.249254Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2020-0984",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft AutoUpdate for Mac",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \u0027Microsoft (MAU) Office Elevation of Privilege Vulnerability\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:autoupdate:-:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-0984"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \u0027Microsoft (MAU) Office Elevation of Privilege Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-04-15T15:15Z"
    }
  }
}

FKIE_CVE-2020-0984

Vulnerability from fkie_nvd - Published: 2020-04-15 15:15 - Updated: 2024-11-21 04:54

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	autoupdate	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:autoupdate:-:*:*:*:*:macos:*:*",
              "matchCriteriaId": "B422B571-566F-495D-A7F8-C85F6781594C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \u0027Microsoft (MAU) Office Elevation of Privilege Vulnerability\u0027."
    },
    {
      "lang": "es",
      "value": "Hay una vulnerabilidad de elevaci\u00f3n de privilegios cuando la aplicaci\u00f3n Microsoft AutoUpdate (MAU) para Mac comprueba apropiadamente las actualizaciones antes de ejecutarlas, tambi\u00e9n se conoce como \"Microsoft (MAU) Office Elevation of Privilege Vulnerability\"."
    }
  ],
  "id": "CVE-2020-0984",
  "lastModified": "2024-11-21T04:54:35.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T15:15:18.997",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7794-M8W6-JF63

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-0984"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \u0027Microsoft (MAU) Office Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-7794-m8w6-jf63",
  "modified": "2022-05-24T17:14:34Z",
  "published": "2022-05-24T17:14:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0984"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2020-24071

Vulnerability from cnvd - Published: 2020-04-22

Title

Microsoft AutoUpdate for Mac提权漏洞

Description

Microsoft AutoUpdate for Mac是一款适用于Mac的自动升级组件。 Microsoft AutoUpdate for Mac中存在提权漏洞，该漏洞源于在执行更新之前，程序未能正确验证更新，攻击者可借助特制的二进制文件利用该漏洞利用该漏洞提升权限。

Severity

高

Patch Name

Microsoft AutoUpdate for Mac提权漏洞的补丁

Patch Description

Microsoft AutoUpdate for Mac是一款适用于Mac的自动升级组件。 Microsoft AutoUpdate for Mac中存在提权漏洞，该漏洞源于在执行更新之前，程序未能正确验证更新，攻击者可借助特制的二进制文件利用该漏洞利用该漏洞提升权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-0984

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-0984

Impacted products

Name
Microsoft AutoUpdate for Mac

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-0984"
    }
  },
  "description": "Microsoft AutoUpdate for Mac\u662f\u4e00\u6b3e\u9002\u7528\u4e8eMac\u7684\u81ea\u52a8\u5347\u7ea7\u7ec4\u4ef6\u3002\n\nMicrosoft AutoUpdate for Mac\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u6267\u884c\u66f4\u65b0\u4e4b\u524d\uff0c\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u66f4\u65b0\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-0984",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-24071",
  "openTime": "2020-04-22",
  "patchDescription": "Microsoft AutoUpdate for Mac\u662f\u4e00\u6b3e\u9002\u7528\u4e8eMac\u7684\u81ea\u52a8\u5347\u7ea7\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft AutoUpdate for Mac\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u6267\u884c\u66f4\u65b0\u4e4b\u524d\uff0c\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u66f4\u65b0\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft AutoUpdate for Mac\u63d0\u6743\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft AutoUpdate for Mac"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-0984",
  "serverity": "\u9ad8",
  "submitTime": "2020-04-16",
  "title": "Microsoft AutoUpdate for Mac\u63d0\u6743\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-0984 (GCVE-0-2020-0984)

CERTFR-2020-AVI-225

Solution

CERTFR-2020-AVI-225

Solution

GSD-2020-0984

FKIE_CVE-2020-0984

GHSA-7794-M8W6-JF63

CNVD-2020-24071

Tags

Sightings

Nomenclature