CVE Tools
Sign in

CVE-2020-1567

MSHTML Engine Remote Code Execution Vulnerability

Published: Aug 17, 2020Updated: Feb 23, 2026 Sources: CVE List NVD BDUNVD-CWE-noinfo
NVD MITRE
4.2CVSSMEDIUM
EPSS Score
3.7%
Top 11.8%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability. The security update addresses the vulnerability by modifying how MSHTML engine validates input.

CVSS Vector Breakdown

AV:NAC:HPR:NUI:RS:UC:LI:LA:N
Exploitability
AV:NAttack Vector
Network
AC:HAttack Complexity
High
PR:NPrivileges Required
None
UI:RUser Interaction
Required
Scope
S:UScope
Unchanged
Impact
C:LConfidentiality
Low
I:LIntegrity
Low
A:NAvailability
None
Open in CVSS calculator →

Weaknesses

NVD-CWE-noinfo

Affected Products

internet explorermicrosoft
On-premDesktop App
Consumer Software / browser
Internet Explorer 11Microsoft
On-premDesktop App
Consumer Software / browser
Internet Explorer 9Microsoft
On-premDesktop App
Consumer Software / browser
Internet ExplorerMicrosoft Corp
Desktop App
Consumer Software / browser
microsoftcommercialUSOperating Systems
microsoft corpcommercialUSOperating Systemsaka microsoft corporation

Exploitability

Official Patch Available

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567
portal.msrc.microsoft.com
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567
portal.msrc.microsoft.com
https://nvd.nist.gov/vuln/detail/CVE-2020-1567
nvd.nist.gov

Timeline

Published
Aug 17, 2020
Last Updated
Feb 23, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2020-1567 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows