9.3
CVSSv2

CVE-2020-1299

Published: 09/06/2020 Updated: 15/06/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows could allow a remote authenticated malicious user to execute arbitrary code on the system, caused by improper processing of shortcut LNK references. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.

Vulnerability Trend

Github Repositories

Branch: master Go to file Code Clone with HTTPS Use Git or checkout with SVN using the web URL. Download ZIP Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching Xcode If nothing happens, download Xcode and try again. Go back Launching Visual Studio If nothing happens, download the GitHub extension for Visual Studio and try again. Go back Latest commit az3r0th committed 5815470 2 minutes ago … Updating resources Git stats 35 commits 1 branch 0 tags Files Permalink Failed to load latest commit information. Type Name Latest commit message Commit time README.md Updating resources 2 minutes ago View code README.md GitHub - DamonMohammadbagher/eBook-BypassingAVsByCSharp: eBook "Bypassing AVS by C#.NET Programming" (Free Chapters only) Python Regex Cheat Sheet: Regular Expressions in Python Discord Microsoft Windows LNK Remote Code Execution Vulnerability — CVE-2020-1299 — MOV AX, BX Other Authentication Methods | GitHub Developer Guide Other Authentication Methods | GitHub Developer Guide About No description, website, or topics provided. Resources Readme Releases No releases published

Recent Articles

Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update
Threatpost • Lindsey O'Donnell • 09 Jun 2020

Microsoft has released patches for 129 vulnerabilities as part of its June Patch Tuesday updates – the highest number of CVEs ever released by Microsoft in a single month.
Within the blockbuster security update, 11 critical remote code-execution flaws were patched in Windows, SharePoint server, Windows Shell, VBScript and other products. Unlike other recent monthly updates from Microsoft, its June updates did not include any zero-day vulnerabilities being actively attacked in the wild.<...

The Register

Microsoft has given admins another busy Patch Tuesday with 129 security vulnerabilities to address.
The Redmond giant has posted fixes for CVE-listed bugs in its latest monthly security update, including 23 that allow for remote code execution. The massive bundle is not entirely unexpected, as security experts have suggested that vendors are still catching up on their patching and reporting routines.
Of the 129 patches this month, 11 were rated by Microsoft as 'critical' security ris...