Vulnerabilities > CVE-2020-1410 - Unspecified vulnerability in Microsoft products

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

microsoft

critical

NVD

Published: 2020-07-14

Updated: 2020-07-24

Summary

A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB), aka 'Windows Address Book Remote Code Execution Vulnerability'.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 10 - Microsoft Windows 10 1607 Microsoft Windows 10 1709 Microsoft Windows 10 1803 Microsoft Windows 10 1809 Microsoft Windows 10 1903 Microsoft Windows 10 1909 Microsoft Windows 10 2004 Microsoft Windows 7 - Microsoft Windows 8.1 - Microsoft Windows RT 8.1 - Microsoft Windows Server 2008 - Microsoft Windows Server 2012 - Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 - Microsoft Windows Server 2016 1903 Microsoft Windows Server 2016 1909 Microsoft Windows Server 2016 2004 Microsoft Windows Server 2019 -	36

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1410