New Search

Windows Address Book Remote Code Execution Vulnerability - CVE-2020-1410

oval:org.cisecurity:def:8004

A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. To exploit the vulnerability an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB). After successfully exploiting the vulnerability an attacker could gain execution on a victim system. The security update addresses the vulnerability by correcting the way Windows Address Book handles bound checking.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows 8.1
  • Microsoft Windows 7
  • Microsoft Windows Server 2019
Class:
vulnerability
Reference(s):
  • CVE-2020-1410
  • MSRC-CVE-2020-1410
  • KB4565539
  • KB4565529
  • KB4565535
  • KB4565540
  • KB4565513
  • KB4565511
  • KB4565508
  • KB4565489
  • KB4558998
  • KB4565483
Product(s):