Skip to main content

Windows 10 1903 CVE-2020-0796

CRITICAL
Buffer Overflow (CWE-119)
2020-03-12 secure@microsoft.com
10.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Added to CISA KEV
Jul 14, 2026 - 04:22 CISA
CVE Published
Mar 12, 2020 - 16:15 nvd
CRITICAL 10.0

DescriptionNVD

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

AnalysisAI

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'. Affected products include: Microsoft Windows 10 1903, Microsoft Windows 10 1909, Microsoft Windows Server 1903, Microsoft Windows Server 1909.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2020-1054 HIGH POC
7.8 May 21

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle o

CVE-2020-0787 HIGH POC
7.8 Mar 12

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperl

CVE-2019-1405 HIGH POC
7.8 Nov 12

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows

CVE-2019-1322 HIGH POC
7.8 Oct 10

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft W

CVE-2020-0601 HIGH POC
8.1 Jan 14

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) c

CVE-2020-1464 HIGH POC
7.8 Aug 17

A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated high severity (CVSS 7.8), this

CVE-2020-1027 HIGH POC
7.8 Apr 15

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Window

CVE-2020-0683 HIGH POC
7.8 Feb 11

An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'W

CVE-2019-1069 HIGH POC
7.8 Jun 12

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations.

CVE-2020-1020 HIGH
8.8 Apr 15

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly

CVE-2019-0903 HIGH
8.8 May 16

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects

CVE-2020-17087 HIGH
7.8 Nov 11

Windows Kernel Local Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low att

Share

CVE-2020-0796 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy