Lucene search

K

MicrosoftMS:CVE-2020-0922

HistorySep 08, 2020 - 7:00 a.m.

Microsoft COM for Windows Remote Code Execution Vulnerability

2020-09-0807:00:00

Microsoft

msrc.microsoft.com

24

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.041

Percentile

92.2%

A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.

To exploit the vulnerability, a user would have to open a specially crafted file or lure the target to a website hosting malicious JavaScript.

The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.

Affected configurations

Vulners

Node

microsoftwindows_server_2012Range<2020-Sepr2

OR

microsoftwindows_server_2012Range<2020-Sepr2

OR

microsoftwindows_server_2012Range<2020-Sepr2

OR

microsoftwindows_server_2012Range<2020-Sepr2

OR

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-Sep

OR

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-Sep

OR

microsoftwindows_server_2012Range<2020-Sep

OR

microsoftwindows_server_2012Range<2020-Sep

OR

microsoftwindows_server_2008Range<2020-Sepr2x64

OR

microsoftwindows_server_2008Range<2020-Sepr2x64

OR

microsoftwindows_server_2008Range<2020-Sepr2x64

OR

microsoftwindows_server_2008Range<2020-Sepr2x64

OR

microsoftwindows_server_2008Range<2020-Sepx64

OR

microsoftwindows_server_2008Range<2020-Sepx64

OR

microsoftwindows_server_2008Range<2020-Sepx64

OR

microsoftwindows_server_2008Range<2020-Sepx64

OR

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-Sep

OR

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-Sep

OR

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_rt_8.1Range<2020-Sep

OR

microsoftwindows_10_1903_for_x64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_1903_for_x64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_10_1903_for_x64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_1903_for_x64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-Sep

OR

microsoftwindows_server_2016Range<2020-Sep

OR

microsoftwindows_defender_on_windows_10_1607_for_x64-based_systemsRange<2020-Sep

OR

microsoftwindows_defender_on_windows_10_1607_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_10_1903_for_x64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_server_version_2004Range<2020-Sep

OR

microsoftwindows_10_2004_for_x64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_2004_for_arm64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_server\,_version_1903Range<2020-Sep

OR

microsoftwindows_10_1903_for_arm64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_1903_for_x64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_1903_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_10_1709_for_arm64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_1709_for_x64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_1709_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_server\,_version_1909Range<2020-Sep

OR

microsoftwindows_10_1909_for_arm64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_1909_for_x64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_1909_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-Sep

OR

microsoftwindows_server_2019Range<2020-Sep

OR

microsoftwindows_10_1809_for_arm64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_1809_for_x64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_1809_for_32-bit_systemsRange<2020-Sep

OR

microsoftwindows_10_1803_for_arm64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_1803_for_x64-based_systemsRange<2020-Sep

OR

microsoftwindows_10_1803_for_32-bit_systemsRange<2020-Sep

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.041

Percentile

92.2%

Related for MS:CVE-2020-0922

cve1 cvelist1 prion1 nvd1 threatpost1 mskb15 nessus11 kaspersky2 openvas9 avleonov1