cve-2020-1167
Vulnerability from cvelistv5
Published
2020-10-16 22:18
Modified
2024-11-15 16:54
Summary
Microsoft Graphics Components Remote Code Execution Vulnerability
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1809 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
Microsoft Windows Server 2019 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1909 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows 10 Version 1709 for 32-bit Systems Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1709 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1903 for 32-bit Systems Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1903 for x64-based Systems Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1903 for ARM64-based Systems Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Microsoft Windows 10 Version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows 10 Version 1507 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Microsoft Windows 10 Version 1607 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Microsoft Windows Server 2016 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T06:25:01.403Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1167",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1247/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-1167",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-01-10T18:18:04.211627Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-15T16:54:23.785Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
                  "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
                  "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*",
               ],
               platforms: [
                  "32-bit Systems",
                  "x64-based Systems",
                  "ARM64-based Systems",
               ],
               product: "Windows 10 Version 1803",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
                  "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
               ],
               platforms: [
                  "32-bit Systems",
                  "x64-based Systems",
                  "ARM64-based Systems",
               ],
               product: "Windows 10 Version 1809",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
               ],
               platforms: [
                  "x64-based Systems",
               ],
               product: "Windows Server 2019",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
                  "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
                  "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
               ],
               platforms: [
                  "32-bit Systems",
                  "x64-based Systems",
                  "ARM64-based Systems",
               ],
               product: "Windows 10 Version 1909",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
               ],
               platforms: [
                  "32-bit Systems",
               ],
               product: "Windows 10 Version 1709 for 32-bit Systems",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
               ],
               platforms: [
                  "x64-based Systems",
                  "ARM64-based Systems",
               ],
               product: "Windows 10 Version 1709",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
               ],
               platforms: [
                  "Unknown",
               ],
               product: "Windows 10 Version 1903 for 32-bit Systems",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
               ],
               platforms: [
                  "Unknown",
               ],
               product: "Windows 10 Version 1903 for x64-based Systems",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
               ],
               platforms: [
                  "Unknown",
               ],
               product: "Windows 10 Version 1903 for ARM64-based Systems",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
               ],
               platforms: [
                  "32-bit Systems",
                  "ARM64-based Systems",
                  "x64-based Systems",
               ],
               product: "Windows 10 Version 2004",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
               ],
               platforms: [
                  "32-bit Systems",
                  "x64-based Systems",
               ],
               product: "Windows 10 Version 1507",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
               ],
               platforms: [
                  "32-bit Systems",
                  "x64-based Systems",
               ],
               product: "Windows 10 Version 1607",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
               ],
               platforms: [
                  "x64-based Systems",
               ],
               product: "Windows Server 2016",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "publication",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2020-10-13T07:00:00+00:00",
         descriptions: [
            {
               lang: "en-US",
               value: "<p>A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p>\n<p>To exploit the vulnerability, a user would have to open a specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.</p>\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en-US",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Remote Code Execution",
                     lang: "en-US",
                     type: "Impact",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-12-31T19:20:04.933Z",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1167",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1247/",
            },
         ],
         title: "Microsoft Graphics Components Remote Code Execution Vulnerability",
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2020-1167",
      datePublished: "2020-10-16T22:18:14",
      dateReserved: "2019-11-04T00:00:00",
      dateUpdated: "2024-11-15T16:54:23.785Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   meta: {
      nvd: "{\"cve\":{\"id\":\"CVE-2020-1167\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2020-10-16T23:15:17.617\",\"lastModified\":\"2024-11-21T05:09:53.580\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"<p>A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p>\\n<p>To exploit the vulnerability, a user would have to open a specially crafted file.</p>\\n<p>The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.</p>\\n\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de ejecución de código remota en la manera en que Microsoft Graphics Components maneja objetos en memoria, también se conoce como \\\"Microsoft Graphics Components Remote Code Execution Vulnerability\\\".&#xa0;Este ID de CVE es diferente de CVE-2020-16923\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B14968-3985-43C3-ACE5-8307196EFAE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB85C75-4D35-480E-843D-60579EC75FCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9273B95-20ED-4547-B0A8-95AD15B30372\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAE74AF3-C559-4645-A6C0-25C3D647AAC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1167\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1247/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1247/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.