CVE-2020-0922

Name of the Vulnerable Software and Affected Versions: Microsoft Component Object Model (COM) (affected versions not specified)

Description: The issue is related to errors in processing input data in the Microsoft Component Object Model (COM) component of Windows operating systems. It allows a remote attacker to execute arbitrary code on a target system. To exploit the issue, a user would have to open a specially crafted file or be lured to a website hosting malicious JavaScript. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations: To resolve the issue, apply the security update that corrects how Microsoft COM for Windows handles objects in memory. As a temporary workaround, consider restricting access to specially crafted files and malicious websites that could host JavaScript to exploit the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.