CVE-2020-1567

Published: Aug 17, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

4.2

MEDIUM

Description

A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability. The security update addresses the vulnerability by modifying how MSHTML engine validates input.

Vendor	Product	Versions
Microsoft	Internet Explorer 11	affected `1.0.0 - < publication`
Microsoft	Internet Explorer 9	affected `1.0.0 - < publication`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-1567

Description

Affected Products

CVSS v3.1 Details

References