Remote Code Execution Vulnerability in Microsoft Edge PDF Reader
CVE-2020-1096

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For 32-bit Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For X64-based Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For Arm64-based Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1809 For 32-bit Systems
Vendor: CVE Published:; 21 May 2020

Summary

A vulnerability exists in Microsoft Edge PDF Reader where improper handling of objects in memory allows for remote code execution. This can lead to potential unauthorized access to system resources, putting user data at risk. Ensuring that Microsoft Edge is updated to the latest version is crucial for mitigating the risks associated with this vulnerability.

Affected Version(s)

Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems = unspecified

Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 21, 2020
Vulnerability Reserved
Nov 4, 2019