CVE-2020-17087
ENISA EUVD: EUVD-2020-9042 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
10 articles
EPSS Score
Source: FIRST.org · 2026-05-24
20.41%
probability
This CVE has a 20.41% probability
of being exploited in the next 30 days.
0%
Top 95.6th percentile of all CVEs
100%
CVSS v3.1
Source: NVD7.8
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Temporal
Exploit Code Maturity
Functional
Remediation Level
Official Fix
Report Confidence
Confirmed
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Description
Project ZeroHeap buffer overflow in cng.sys IOCTL 0x390400
Affected Products
Google Project Zero
Discovered
Oct. 22, 2020
Patched
Nov. 10, 2020
Reported by
Google Project Zero
Root Cause Analysis
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2020/CVE-2020-17087.html
Exploits & PoC
raiden757/CVE-2020-17087
PoC CVE-2020-17087 — raiden757/CVE-2020-17087
0
1 repo — triés par ⭐
Rechercher sur GitHub ↗
Google patches one more actively exploited Chrome zero-day
BleepingComputer
Nov 02, 2020
Microsoft fixes Windows zero-day disclosed by Google last month
BleepingComputer
Nov 10, 2020
Google fixes more Chrome zero-days exploited in the wild
BleepingComputer
Nov 12, 2020
Windows kernel zero-day vulnerability used in targeted attacks
BleepingComputer
Oct 30, 2020
January 2021 Patch Tuesday – 83 Vulnerabilities, 10 Critical, One Zero Day, Adobe
Qualys
Jan 12, 2021
Hacking group used 11 zero-days to attack Windows, iOS, Android users
BleepingComputer
Mar 20, 2021
Microsoft November 2020 Patch Tuesday fixes 112 vulnerabilities
BleepingComputer
Nov 10, 2020
Signal Intelligence
Confidence
95%
EPSS
20.41%
CVSS v3.1
7.8
Mentions
10
Last Seen
Mar 20, 2021
CNA Information
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Triage Info
Decided atMar 05, 2026