CVE-2020-1286

HIGH

Windows 10 and Windows Server 2016/2019 - Remote Code Execution via Improper File Path Validation

Title source: llm
STIX 2.1

Description

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.1178
EPSS Percentile 95.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (10)
microsoft/windows_10 1803
microsoft/windows_10 1809
microsoft/windows_10 1903
microsoft/windows_10 1909
microsoft/windows_10 2004
microsoft/windows_server_2016 1803
microsoft/windows_server_2016 1903
microsoft/windows_server_2016 1909
microsoft/windows_server_2016 2004
microsoft/windows_server_2019
Published Jun 09, 2020
Tracked Since Feb 18, 2026