New Search

Microsoft COM for Windows Remote Code Execution Vulnerability - CVE-2020-0922

oval:org.cisecurity:def:8305

A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability a user would have to open a specially crafted file or lure the target to a website hosting malicious JavaScript. The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows 10
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2016
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012
Class:
vulnerability
Reference(s):
  • CVE-2020-0922
  • MSRC-CVE-2020-0922
  • KB4577053
  • KB4577070
  • KB4577048
  • KB4577071
  • KB4577049
  • KB4577015
  • KB4577041
  • KB4577032
  • KB4570333
  • KB4574727
Product(s):