CVE-2020-1064

Опубликовано: 12 мая 2020

Источник: msrc

CVSS3: 6.4

EPSS Низкий

Описание

MSHTML Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.

An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.

The security update addresses the vulnerability by modifying how MSHTML engine validates input.

Обновления

Продукт	Статья	Обновление
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2	4556860 4556798	Monthly Rollup IE Cumulative
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2	4556860 4556798	Monthly Rollup IE Cumulative
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1	4556798 4556836	IE Cumulative Monthly Rollup
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1	4556798 4556836	IE Cumulative Monthly Rollup
Internet Explorer 11 on Windows 8.1 for 32-bit systems	4556798 4556846	IE Cumulative Monthly Rollup
Internet Explorer 11 on Windows 8.1 for x64-based systems	4556798 4556846	IE Cumulative Monthly Rollup
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1	4556798 4556836	IE Cumulative Monthly Rollup
Internet Explorer 11 on Windows Server 2012	4556798 4556840	IE Cumulative Monthly Rollup
Internet Explorer 11 on Windows Server 2012 R2	4556798 4556846	IE Cumulative Monthly Rollup
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems	4556807	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 93%

0.09339

Низкий

6.4 Medium

CVSS3

Связанные уязвимости

CVE-2020-1064

CVSS3: 7.5

nvd

больше 5 лет назад

A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'.

GHSA-q5p2-r47g-84cm

github

больше 3 лет назад

BDU:2020-03000