VDB

CVE-2020-1577

CVE-2020-1577 PUBLISHED CVSS 7.800000190734863 HIGH

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'.

EPSS 22.15% · 95.9th percentile

Risk Scores

CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score
22.15%
95.9th percentile

Affected Products

VendorProductVersions
MicrosoftWindows 10 Version 200410.0.0
MicrosoftWindows Server 2008 R2 Service Pack 16.1.0
MicrosoftWindows Server 2008 Service Pack 2 (Server Core installation)6.0.0
MicrosoftWindows 8.16.3.0
MicrosoftWindows Server 2012 R2 (Server Core installation)6.3.0
MicrosoftWindows Server 2019 (Server Core installation)10.0.0
microsoftwindows_server_2012r2
MicrosoftWindows Server version 200410.0.0
microsoftwindows_server_20161909, 1903, 2004
MicrosoftWindows 10 Version 180310.0.0
microsoftwindows_rt_8.1
MicrosoftWindows Server 2008 Service Pack 26.0.0
microsoftwindows_7
MicrosoftWindows 10 Version 190910.0.0
MicrosoftWindows Server, version 1903 (Server Core installation)10.0.0
MicrosoftWindows Server 20126.2.0
MicrosoftWindows 10 Version 150710.0.0
MicrosoftWindows Server 201610.0.0
microsoftwindows_102004, 1607, 1607
MicrosoftWindows 10 Version 170910.0.0

…and 18 more

Timeline

  • Aug 17, 2020 CVE Published
  • Sep 17, 2020 PoC Published
  • Oct 3, 2020 PoC Published
  • Jan 10, 2021 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 22, 2021 PoC Published
  • Jan 6, 2022 EPSS Score
  • Mar 5, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 24, 2023 EPSS Score
  • May 3, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›