CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-1350

Known Exploited (CISA KEV)CRITICAL
10.0
CVSS Severity Score
EPSS Score58.7380%
EPSS Percentile86.58th
Published2020年7月14日
Last Modified2025年12月18日

Vulnerability Description

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

Affected Platforms (CPE)

💻
Microsoft

Windows Server 2008

All versions
💻
Microsoft

Windows Server 2008

= r2
💻
Microsoft

Windows Server 2012

All versions
💻
Microsoft

Windows Server 2012

= r2
💻
Microsoft

Windows Server 2016

All versions
💻
Microsoft

Windows Server 2019

All versions

References & Advisories

🔗 http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
🔗 http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1350

関連する脆弱性情報

CVE-2009-121610.0

Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windo...

CVE-2008-300910.0

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do no...

CVE-2008-403810.0

Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allow...

CVE-2009-008610.0

Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, V...