CyberSec.Space Logo
Back to CVE Browser

CVE-2020-1350

Known Exploited (CISA KEV)CRITICAL
10.0
CVSS Severity Score
EPSS Score58.7380%
EPSS Percentile86.58th
PublishedJul 14, 2020
Last ModifiedDec 18, 2025

Vulnerability Description

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

= r2
πŸ’»
Microsoft

Windows Server 2012

All versions
πŸ’»
Microsoft

Windows Server 2012

= r2
πŸ’»
Microsoft

Windows Server 2016

All versions
πŸ’»
Microsoft

Windows Server 2019

All versions

References & Advisories

πŸ”— http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
πŸ”— http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1350

Related Vulnerabilities

CVE-2009-121610.0

Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windo...

CVE-2008-300910.0

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do no...

CVE-2008-403810.0

Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allow...

CVE-2009-008610.0

Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, V...