CVE-2020-0922
Summary
<p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p> <p>To exploit the vulnerability, a user would have to open a specially crafted file or lure the target to a website hosting malicious JavaScript.</p> <p>The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.</p>
- LOW
- NETWORK
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- HIGH
References
Advisory Timeline
- Published