Skip to main content

CVE-2020-0922

Severity High
Score 8.8/10

Summary

<p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p> <p>To exploit the vulnerability, a user would have to open a specially crafted file or lure the target to a website hosting malicious JavaScript.</p> <p>The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.</p>

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

References

Advisory Timeline

  • Published