PT-2020-3975 · Microsoft · Windows Text Service Module+2
Liu Long
·
Published
2020-08-09
·
Updated
2023-12-31
·
CVE-2020-0908
CVSS v2.0
7.6
High
| Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Windows Text Service Module (affected versions not specified)
Description:
A remote code execution issue exists due to improper memory handling by the Windows Text Service Module, allowing an attacker to gain execution on a victim system. This could be exploited through specially crafted websites viewed by Microsoft Edge (Chromium-based), or through compromised websites hosting user-provided content. An attacker would need to convince users to view the attacker-controlled content, typically through enticement. The issue is related to a buffer overflow in memory.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Edge
Windows
Windows Text Service Module