Unrated severityCISA KEVNVD Advisory· Published Feb 11, 2020· Updated Oct 21, 2025

CVE-2020-0688

Description

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

Affected products

Microsoft/Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30v5
Range: unspecified
Microsoft/Microsoft Exchange Server 2013v5
Range: Cumulative Update 23
Microsoft/Microsoft Exchange Server 2016 Cumulative Update 14v5
Range: unspecified
Microsoft/Microsoft Exchange Server 2016 Cumulative Update 15v5
Range: unspecified
Microsoft/Microsoft Exchange Server 2019 Cumulative Update 3v5
Range: unspecified
Microsoft/Microsoft Exchange Server 2019 Cumulative Update 4v5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.htmlmitrex_refsource_MISC
packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.htmlmitrex_refsource_MISC
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688mitrex_refsource_MISC
www.zerodayinitiative.com/advisories/ZDI-20-258/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.076
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060