A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1064