Lucene search

MicrosoftMS:CVE-2020-0995

HistoryApr 14, 2020 - 7:00 a.m.

Jet Database Engine Remote Code Execution Vulnerability

2020-04-1407:00:00

Microsoft

msrc.microsoft.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.015

Percentile

86.9%

JSON

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

Affected configurations

Vulners

Node

microsoftwindows_server_2012Range<2020-Aprr2

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-Apr

microsoftwindows_10_1903_for_x64-based_systemsRange<2020-Apr

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-Apr

microsoftwindows_10_1903_for_x64-based_systemsRange<2020-Apr

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-Apr

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-Apr

microsoftwindows_server_2016Range<2020-Apr

microsoftwindows_defender_on_windows_10_1607_for_x64-based_systemsRange<2020-Apr

microsoftwindows_defender_on_windows_10_1607_for_32-bit_systemsRange<2020-Apr

microsoftwindows_10_1903_for_x64-based_systemsRange<2020-Apr

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-Apr

microsoftwindows_server\,_version_1903Range<2020-Apr

microsoftwindows_10_1903_for_arm64-based_systemsRange<2020-Apr

microsoftwindows_10_1903_for_x64-based_systemsRange<2020-Apr

microsoftwindows_10_1903_for_32-bit_systemsRange<2020-Apr

microsoftwindows_10_1709_for_arm64-based_systemsRange<2020-Apr

microsoftwindows_10_1709_for_x64-based_systemsRange<2020-Apr

microsoftwindows_10_1709_for_32-bit_systemsRange<2020-Apr

microsoftwindows_server\,_version_1909Range<2020-Apr

microsoftwindows_10_1909_for_arm64-based_systemsRange<2020-Apr

microsoftwindows_10_1909_for_x64-based_systemsRange<2020-Apr

microsoftwindows_10_1909_for_32-bit_systemsRange<2020-Apr

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-Apr

microsoftwindows_server_2019Range<2020-Apr

microsoftwindows_10_1809_for_arm64-based_systemsRange<2020-Apr

microsoftwindows_10_1809_for_x64-based_systemsRange<2020-Apr

microsoftwindows_10_1809_for_32-bit_systemsRange<2020-Apr

microsoftwindows_10_1803_for_arm64-based_systemsRange<2020-Apr

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-Apr

microsoftwindows_10_1803_for_x64-based_systemsRange<2020-Apr

microsoftwindows_10_1803_for_32-bit_systemsRange<2020-Apr

microsoftwindows_server_2012Range<2020-Apr

microsoftwindows_server_2008Range<2020-Aprr2x64

microsoftwindows_server_2008Range<2020-Aprx64

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-Apr

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-Apr

microsoftwindows_rt_8.1Range<2020-Apr

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.015

Percentile

86.9%

JSON

Related for MS:CVE-2020-0995