7.6

CVE-2020-1567

A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.
An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.
The security update addresses the vulnerability by modifying how MSHTML engine validates input.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version11 Update-
   MicrosoftWindows 10 Version- HwPlatformx64
   MicrosoftWindows 10 Version- HwPlatformx86
   MicrosoftWindows 10 Version1607 HwPlatformx64
   MicrosoftWindows 10 Version1607 HwPlatformx86
   MicrosoftWindows 10 Version1709
   MicrosoftWindows 10 Version1803
   MicrosoftWindows 10 Version1809
   MicrosoftWindows 10 Version1903
   MicrosoftWindows 10 Version1909
   MicrosoftWindows 10 Version2004
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016
   MicrosoftWindows Server 2019 Version-
MicrosoftInternet Explorer Version9
   MicrosoftWindows Server 2008 Version- Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.48% 0.848
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
secure@microsoft.com 4.2 1.6 2.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N