7.6

CVE-2020-1219

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version11 Update-
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1709
   MicrosoftWindows 10 Version1803
   MicrosoftWindows 10 Version1809
   MicrosoftWindows 10 Version1903
   MicrosoftWindows 10 Version1909
   MicrosoftWindows 10 Version2004
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016 Version-
   MicrosoftWindows Server 2019 Version-
MicrosoftEdge Version-
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1709
   MicrosoftWindows 10 Version1803
   MicrosoftWindows 10 Version1809
   MicrosoftWindows 10 Version1903
   MicrosoftWindows 10 Version1909
   MicrosoftWindows 10 Version2004
   MicrosoftWindows Server 2016 Version-
   MicrosoftWindows Server 2019 Version-
MicrosoftChakracore Version < 1.11.20
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 21.89% 0.956
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.