CVE-2020-0688

Summary

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Exchange Server 2013Cumulative Update 23affected
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 3unspecifiedaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 14unspecifiedaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 15unspecifiedaffected
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 4unspecifiedaffected
MicrosoftMicrosoft Exchange Server 2010 Service Pack 3 Update Rollup 30unspecifiedaffected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References