Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2020-0922

Published: 11/09/2020 Updated: 31/12/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

<p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p> <p>To exploit the vulnerability, a user would have to open a specially crafted file or lure the target to a website hosting malicious JavaScript.</p> <p>The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.</p>

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 -

microsoft windows 10 1607

microsoft windows 7 -

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows rt 8.1 -

microsoft windows server 2012 -

microsoft windows server 2008 -

microsoft windows 10 1709

microsoft windows 8.1 -

microsoft windows 10 1803

microsoft windows server 2019 -

microsoft windows 10 1809

microsoft windows server 2016 1903

microsoft windows 10 1903

microsoft windows server 2016 1909

microsoft windows 10 1909

microsoft windows 10 2004

microsoft windows server 2016 2004

Recent Articles

Enjoyed the US Labor Day weekend? Because it's September 2020 and Exchange Server can be pwned via email
The Register • Shaun Nichols in San Francisco • 08 Sep 2020

Don't be so smug, Mac users, you're open to an InDesign project file

A nightmare flaw for Exchange Server headlines this month's Patch Tuesday lineup from Microsoft and others. September sees a bundle of 129 CVE-listed flaws patched by Microsoft. The vast majority of those, 105 in total, are classified as 'important' risks. Another 23 are considered critical bugs, and one is listed as moderate. None of the bugs have public exploit code or in-the-wild attacks yet. Of the nearly two-dozen critical patches, Zero Day Initiative's Dustin Childs says that far and away ...

Read more...

References

NVD-CWE-noinfohttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0922https://nvd.nist.govhttps://www.theregister.co.uk/2020/09/08/patch_tuesday_september/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651CVE-2024-34255elevation of privilegeCVE-2024-25529CVE-2024-4671NULL pointer dereferenceCVE-2024-25527template injectionCVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook