Lucene search

[email protected]NVD:CVE-2020-1567

HistoryAug 17, 2020 - 7:15 p.m.

CVE-2020-1567

2020-08-1719:15:20

[email protected]

web.nvd.nist.gov

vulnerability

code execution

mshtml

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

7.5

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.
An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.
The security update addresses the vulnerability by modifying how MSHTML engine validates input.

Affected configurations

Nvd

Node

microsoftinternet_explorerMatch11-

AND

microsoftwindows_10Match-x64

microsoftwindows_10Match-x86

microsoftwindows_10Match1607x64

microsoftwindows_10Match1607x86

microsoftwindows_10Match1709

microsoftwindows_10Match1803

microsoftwindows_10Match1809

microsoftwindows_10Match1903

microsoftwindows_10Match1909

microsoftwindows_10Match2004

microsoftwindows_7Match-sp1

microsoftwindows_8.1Match-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

microsoftwindows_server_2016

microsoftwindows_server_2019Match-

Node

microsoftinternet_explorerMatch9

AND

microsoftwindows_server_2008Match-sp2

VendorProductVersionCPE
microsoftinternet_explorer11cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
microsoftwindows_101709cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
microsoftwindows_101803cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
microsoftwindows_101809cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
microsoftwindows_101903cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
microsoftwindows_101909cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	11	cpe:2.3:a:microsoft:internet_explorer:11:-::::::
microsoft	windows_10	-	cpe:2.3:o:microsoft:windows_10:-::::::x64:
microsoft	windows_10	-	cpe:2.3:o:microsoft:windows_10:-::::::x86:
microsoft	windows_10	1607	cpe:2.3:o:microsoft:windows_10:1607::::::x64:
microsoft	windows_10	1607	cpe:2.3:o:microsoft:windows_10:1607::::::x86:
microsoft	windows_10	1709	cpe:2.3:o:microsoft:windows_10:1709:::::::*
microsoft	windows_10	1803	cpe:2.3:o:microsoft:windows_10:1803:::::::*
microsoft	windows_10	1809	cpe:2.3:o:microsoft:windows_10:1809:::::::*
microsoft	windows_10	1903	cpe:2.3:o:microsoft:windows_10:1903:::::::*
microsoft	windows_10	1909	cpe:2.3:o:microsoft:windows_10:1909:::::::*