CVE-2020-1064

CVE Database · CVE-2020-1064

CVE-2020-1064

· HIGHModified

CVSS v3.1

7.5

EPSS

7.17%

Published

May 21, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products (18)

microsoft · internet_explorervulnerable

microsoft · windows_server_2008

microsoft · internet_explorervulnerable

microsoft · windows_10

microsoft · windows_7

microsoft · windows_8.1

microsoft · windows_rt_8.1

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1064

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1064

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs