CVE-2020-1175
published 2020-05-21CVE-2020-1175: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code…
PriorityP342high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
10.89%
95.3th percentile
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1176.
Affected
68 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mgwf-5g3h-w8pm: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-1174 [HIGH] CWE-119 GHSA-mgwf-5g3h-w8pm: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1175, CVE-2020-1176.
GHSA
GHSA-c2wp-wg66-pjw8: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-1051 [HIGH] CWE-119 GHSA-c2wp-wg66-pjw8: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1174, CVE-2020-1175, CVE-2020-1176.
GHSA
GHSA-wmw3-jfvx-7mfr: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-1176 [HIGH] CWE-119 GHSA-wmw3-jfvx-7mfr: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1175.
GHSA
GHSA-55jh-j327-hq52: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-1175 [HIGH] CWE-119 GHSA-55jh-j327-hq52: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1176.
Microsoft
Jet Database Engine Remote Code Execution Vulnerability
vendor_msrc·2020-05-12·CVSS 7.8
CVE-2020-1175 [HIGH] Jet Database Engine Remote Code Execution Vulnerability
Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Microsoft JET Database Engine: Microsoft JET Database Engine
Issuing CNA: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Referenc
No detection rules found.
No public exploits indexed.
Trendmicro
Patch Tuesday: More Fixes for SharePoint, TLS, Runtime
blogs_trendmicro·2020-05-13·CVSS 8.8
[HIGH] Patch Tuesday: More Fixes for SharePoint, TLS, Runtime
Exploits & Vulnerabilities
# Patch Tuesday: More Fixes for SharePoint, TLS, Runtime
This month’s Patch Tuesday includes 111 fixes for Microsoft. Of the 111 vulnerabilities, 16 have been rated Critical while the rest have been ranked Important.
By: Trend Micro
2020/05/13
Read time: ( words)
Save to Folio
Updated on May 20, 2020, 1:45 P.M. PST to include additional Trend Micro solutions.
This month’s Patch Tuesday includes 111 fixes for Microsoft. Of the 111 vulnerabilities, 16 have been rated Critical while the rest have been ranked Important. Four of the vulnerabilities rated as Important for this release were disclosed by the Zero Day Initiative (ZDI): two for remote code execution (RCE) and two for escalation of privileges. Other updates include a few fixes for security flaws for
Talos
Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-05-12·CVSS 9.8
[CRITICAL] Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 111 vulnerabilities. Fifteen of the flaws Microsoft disclosed are considered critical. There are also 95 "important" vulnerabilities and six low- and moderate-severity vulnerabilities each.
Cisco Talos specifically disclosed CVE-2020-0901 , a code execution vulnerability in Excel. This month’s security update also covers security issues in a variety of Microsoft services and software, including SharePoint, Media Foundation and the Chakra scripting engine.
Talos also released a new set of SNORTⓇ rules that provi
Talos
Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-05-12·CVSS 9.8
CVE-2020-0901 [CRITICAL] Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 111 vulnerabilities. Fifteen of the flaws Microsoft disclosed are considered critical. There are also 95 "important" vulnerabilities and six low- and moderate-severity vulnerabilities each.
Cisco Talos specifically disclosed CVE-2020-0901, a code execution vulnerability in Excel. This month’s security update also covers security issues in a variety of Microsoft services and software, including SharePoint, Media Foundation and the Chakra scripting engine.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the full Snort rule
Bugzilla
CVE-2018-11439 taglib: heap-based buffer over-read via a crafted audio file
bugzilla·2018-05-31·CVSS 6.5
CVE-2018-11439 [MEDIUM] CVE-2018-11439 taglib: heap-based buffer over-read via a crafted audio file
CVE-2018-11439 taglib: heap-based buffer over-read via a crafted audio file
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
References:
http://seclists.org/fulldisclosure/2018/May/49
Discussion:
Created mingw-taglib tracking bugs for this issue:
Affects: fedora-all [bug 1584871]
Created taglib tracking bugs for this issue:
Affects: fedora-all [bug 1584870]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:1175 https://access.redhat.com/errata/RHSA-2020:1175
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat
2020-05-21
Published