CVE-2020-1473

HIGH

Windows Jet Database Engine - RCE

Title source: llm

Description

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

Exploits (1)

inthewild

poc

https://github.com/30579096/cve-2020-1473

View on inthewild

References (1)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1473

Scores

CVSS v3 7.0

EPSS 0.0601

EPSS Percentile 90.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (20)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_10 1909

microsoft/windows_10 2004

microsoft/windows_7

microsoft/windows_8.1

... and 10 more

Published Aug 17, 2020

Tracked Since Feb 18, 2026