CVE-2020-0688

Type:

Deserialization of Untrusted Data

Severity:

High

Publication date:

02/11/2020

Last modified:

02/20/2020

Description

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

Impact

Access Vector: Through network

Access Complexity: Low

Authentication: Requires a single instance to exploit

Impact Type: Total commitment on system integrity + Total commitment on system confidentiality + Total commitment on system availability

Vulnerable software and versions

cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*

cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup_30:*:*:*:*:*:*

To consult the complete list of products and versions see this page

References to Advisories, Solutions, and Tools

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688 (Source: MISC)
https://www.zerodayinitiative.com/advisories/ZDI-20-258/ (Source: MISC)

Explanation of fields

Corporate access

CVE-2020-0688