CVE-2020-1410

Published Jul 14, 2020

Last updated 4 years ago

CVSS high 7.8

Overview

Description: A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB), aka 'Windows Address Book Remote Code Execution Vulnerability'.
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "084984D5-D241-497B-B118-50C6C1EAD468"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "BA592626-F17C-4F46-823B-0947D102BBD2"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "897A48D7-FCA1-4560-AFBB-718AF19BA3A2"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "507EB48C-F479-424C-8ABA-C279AB4FE3F4"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "8C72C155-6880-434B-B217-EAA3BA2D0BB8"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "1B3308A0-1699-4A4A-8D6B-AB4E4C825C95"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "C96ED0E4-E43A-433C-AD98-FD6AEEB70BA2"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "39EAF874-1941-4FB8-A70A-BD53F89801E4"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "1981BA0D-0920-40C0-8A6A-5D5A1B221560"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "5DBF4B5B-8782-494D-86FC-B83DCEB735A3"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "925B8C67-C96F-4A4D-9BE7-CCCD78EF3C31"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "6CF580BA-6938-40F6-9D86-F43044A6BACA"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "C5E038AA-514F-48AC-B45E-859EE32525B4"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "16F864AE-C519-4D23-9D24-B65E53C5CD28"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "2487AF09-F003-482A-BD42-31F6AEAA033F"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "A07F4D5D-EA91-4B77-9B74-D4741FFA8D85"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "31622391-A67E-4E2A-A855-1316B6E38630"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "61F0792D-7587-4297-8EE7-D4DC3A30EE84"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "7649042B-4430-4BD9-B82F-984A2831A651"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "E6132F03-DA28-4830-A69F-C2154C7FD96C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "09D9A720-8D3C-4699-AC57-CB4531E5BFEB"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "BF67A7F7-466F-467D-8D2B-3273714D43C3"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "7FE8B00B-4F39-4755-A323-8AD71F5E3EBE"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "06BBFA69-94E2-4BAB-AFD3-BC434B11D106"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "C936FD4F-959C-43B8-9917-E2A0DF4A8793"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "DF8ABB14-84CF-4BBC-99C9-DA6C0F7A0619"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References