What is CVE-2020-1167?

CVE-2020-1167 is a vulnerability in Microsoft 3D Builder that allows remote code execution.

What software versions are affected by CVE-2020-1167?

Microsoft 3D Builder and various versions of Microsoft Windows 10 and Windows Server 2016/2019 are affected by CVE-2020-1167.

What is the severity of CVE-2020-1167?

The severity of CVE-2020-1167 is critical with a CVSS score of 7.8.

How can CVE-2020-1167 be exploited?

CVE-2020-1167 can be exploited through user interaction by visiting a malicious page or opening a malicious file.

Are there any references for CVE-2020-1167?

Yes, you can find references for CVE-2020-1167 at the following links: [link1](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1167), [link2](https://www.zerodayinitiative.com/advisories/ZDI-20-1247/), [link3](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1167).

Vulnerability/
CVE-2020-1167

critical

9.3

CWE

20 787

16/10/2020

16/1/2024

15/11/2024

CVE-2020-1167: Microsoft 3D Builder GLB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

First published: Fri Oct 16 2020(Updated: )

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix

	=1607
	=1709
	=1803
	=1809
	=1903
	=1909
	=2004


Microsoft Windows 10
Microsoft Windows 10	=1607
Microsoft Windows 10	=1709
Microsoft Windows 10	=1803
Microsoft Windows 10	=1809
Microsoft Windows 10	=1903
Microsoft Windows 10	=1909
Microsoft Windows 10	=2004
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft 3D Builder

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1167

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-1167?
CVE-2020-1167 is a vulnerability in Microsoft 3D Builder that allows remote code execution.
What software versions are affected by CVE-2020-1167?
Microsoft 3D Builder and various versions of Microsoft Windows 10 and Windows Server 2016/2019 are affected by CVE-2020-1167.
What is the severity of CVE-2020-1167?
The severity of CVE-2020-1167 is critical with a CVSS score of 7.8.
How can CVE-2020-1167 be exploited?
CVE-2020-1167 can be exploited through user interaction by visiting a malicious page or opening a malicious file.
Are there any references for CVE-2020-1167?
Yes, you can find references for CVE-2020-1167 at the following links: [link1](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1167), [link2](https://www.zerodayinitiative.com/advisories/ZDI-20-1247/), [link3](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1167).

agent/type
agent/first-publish-date
agent/last-modified-date
agent/author
agent/softwarecombine
agent/references
agent/severity
agent/title
agent/weakness
agent/remedy
agent/description
collector/zdi-advisory
source/ZDI
alias/ZDI-20-1247
alias/ZDI-CAN-11174
alias/CVE-2020-1167
agent/software-canonical-lookup
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
agent/tags
collector/mitre-cve
source/MITRE
vendor/microsoft
canonical/microsoft 3d builder
canonical/microsoft windows 10
version/microsoft windows 10/1607
version/microsoft windows 10/1709
version/microsoft windows 10/1803
version/microsoft windows 10/1809
version/microsoft windows 10/1903
version/microsoft windows 10/1909
version/microsoft windows 10/2004
canonical/microsoft windows server 2016
canonical/microsoft windows server 2019