1. Home
  2. CVE Database
  3. CVE-2020-0908
HIGH · 7.5

CVE-2020-0908

<p>A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victi...

Vulnerability Description

<p>A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (Chromium-based), and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.</p> <p>The security update addresses the vulnerability by correcting how the Windows Text Service Module handles memory.</p>

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
MicrosoftWindows 101607
MicrosoftWindows Server 2016-
MicrosoftWindows Server 2019-

References

FAQ

What is CVE-2020-0908?

CVE-2020-0908 is a vulnerability with a CVSS score of 7.5 (HIGH). <p>A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victi...

How severe is CVE-2020-0908?

CVE-2020-0908 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-0908?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10, Microsoft Windows Server 2016, Microsoft Windows Server 2019.