CVE-2020-1286
HIGHWindows 10 and Windows Server 2016/2019 - Remote Code Execution via Improper File Path Validation
Title source: llmDescription
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1286
Scores
CVSS v3
8.8
EPSS
0.1178
EPSS Percentile
95.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (10)
microsoft/windows_10
1803
microsoft/windows_10
1809
microsoft/windows_10
1903
microsoft/windows_10
1909
microsoft/windows_10
2004
microsoft/windows_server_2016
1803
microsoft/windows_server_2016
1903
microsoft/windows_server_2016
1909
microsoft/windows_server_2016
2004
microsoft/windows_server_2019
Published
Jun 09, 2020
Tracked Since
Feb 18, 2026