CVE-2020-1568

7.5 HIGH

📋 TL;DR

CVE-2020-1568 is a remote code execution vulnerability in Microsoft Edge PDF Reader that allows attackers to execute arbitrary code by tricking users into opening malicious PDF files. This affects users running vulnerable versions of Microsoft Edge with the built-in PDF reader enabled. Successful exploitation gives attackers the same privileges as the current user.

💻 Affected Systems

Products:
  • Microsoft Edge
Versions: Microsoft Edge versions prior to the security update released in August 2020
Operating Systems: Windows 10, Windows Server 2016, Windows Server 2019
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Microsoft Edge with built-in PDF reader; other PDF readers are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative privileges, allowing installation of malware, data theft, and complete system control.

🟠 Likely Case

Limited user account compromise leading to data exfiltration, credential theft, and lateral movement within the network.

🟢 If Mitigated

No impact if patched or if PDF reader is disabled; limited impact if user has minimal privileges.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious PDF) but can be delivered via websites or email.
🏢 Internal Only: LOW - Still requires user interaction; internal systems typically have more controlled content sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious PDF) but no authentication. No public exploit code was widely reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Microsoft Edge version with August 2020 security updates

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1568

Restart Required: Yes

Instructions:

1. Open Microsoft Edge.
2. Click Settings (three dots) > Help and feedback > About Microsoft Edge.
3. Allow automatic update or download latest version from Microsoft.
4. Restart browser and system if prompted.

🔧 Temporary Workarounds

Disable built-in PDF reader

Platform: Windows

Configure Microsoft Edge to use alternative PDF readers instead of the vulnerable built-in component.

edge://settings/content/pdfDocuments
Toggle 'Open PDF files in Microsoft Edge' to OFF

🧯 If You Can't Patch

  • Disable Microsoft Edge PDF reader and use alternative PDF software
  • Implement application whitelisting to block unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Microsoft Edge version in Settings > About Microsoft Edge. If version predates August 2020 updates, system is vulnerable.

Check Version:

Start Microsoft Edge, navigate to edge://settings/help or check About Microsoft Edge

Verify Fix Applied:

Verify Microsoft Edge version is updated to August 2020 or later security update version.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected PDF file openings in Edge
  • Crash reports from Microsoft Edge PDF reader
  • Unusual process spawning from Microsoft Edge

Network Indicators:

  • Downloads of PDF files from untrusted sources
  • Network connections initiated after PDF opening

SIEM Query:

Process Creation where Parent Process contains 'msedge.exe' AND Command Line contains unexpected executables
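The SIEM query above leaves "unexpected executables" undefined. The following is an added example, not part of the original advisory, that makes the rule concrete over process-creation events shaped like Sysmon Event ID 1 records. The sample events are constructed, and the allowlist of expected child processes is an assumption to tune per environment.

```python
import json
import ntpath

# Assumption: the parent name comes from the page's SIEM query; the allowlist of
# expected child processes is illustrative and must be tuned per environment.
PARENT_NAME = "msedge.exe"
EXPECTED_CHILDREN = {"msedge.exe", "identity_helper.exe"}

# Constructed sample events (one JSON object per line, Sysmon Event ID 1 fields).
SAMPLE_EVENTS = r"""
{"UtcTime": "2020-08-12 09:14:02", "ParentImage": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "Image": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "CommandLine": "msedge.exe --type=renderer"}
{"UtcTime": "2020-08-12 09:14:40", "ParentImage": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"}
{"UtcTime": "2020-08-12 09:15:03", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe"}
{"UtcTime": "2020-08-12 09:17:55", "ParentImage": "C:\\PROGRAM FILES (X86)\\MICROSOFT\\EDGE\\APPLICATION\\MSEDGE.EXE", "Image": "C:\\Users\\Public\\update.exe", "CommandLine": "update.exe"}
{"UtcTime": "2020-08-12 09:20:11", "ParentImage": "C:\\Prog
"""

def basename(path):
    # ntpath parses Windows paths correctly on any host OS.
    return ntpath.basename(path or "").lower()

def find_suspicious(lines):
    """Return (time, child, command line) for Edge children not on the allowlist."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or malformed records
        if not isinstance(ev, dict):
            continue
        # Exact basename match is stricter than the query's "contains".
        if basename(ev.get("ParentImage")) != PARENT_NAME:
            continue
        child = basename(ev.get("Image"))
        if child not in EXPECTED_CHILDREN:
            hits.append((ev.get("UtcTime"), child, ev.get("CommandLine", "")))
    return hits

if __name__ == "__main__":
    for when, child, cmd in find_suspicious(SAMPLE_EVENTS.splitlines()):
        print(f"{when}  {PARENT_NAME} -> {child}  {cmd}")
```
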
