Search

Find a vulnerability

Search criteria

    82 vulnerabilities found for windows_10_1709 by microsoft

    CVE-2022-38396 (GCVE-0-2022-38396)

    Vulnerability from nvd – Published: 2023-02-03 16:53 – Updated: 2025-03-25 20:40
    VLAI
    Summary
    HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP Factory Preinstalled Windows 10 20H2 Images Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:54:03.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/ie-en/document/ish_7620368-7620413-16"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38396",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T20:40:13.058763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T20:40:17.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP Factory Preinstalled Windows 10 20H2 Images",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-12T01:45:42.615Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/ie-en/document/ish_7620368-7620413-16"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-38396",
        "datePublished": "2023-02-03T16:53:47.447Z",
        "dateReserved": "2022-08-17T21:59:36.745Z",
        "dateUpdated": "2025-03-25T20:40:17.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1464 (GCVE-0-2020-1464)

    Vulnerability from nvd – Published: 2020-08-17 19:13 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Title
    Windows Spoofing Vulnerability
    Summary
    A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1803 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1709 for 32-bit Systems Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1709 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2020-08-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:39:09.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-1464",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T18:42:38.870747Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1464"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-347",
                    "description": "CWE-347 Improper Verification of Cryptographic Signature",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:37.819Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1464"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-1464 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1803",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 1709 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1709",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-08-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.\nIn an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.\nThe update addresses the vulnerability by correcting how Windows validates file signatures."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T16:32:23.703Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html"
            }
          ],
          "title": "Windows Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-1464",
        "datePublished": "2020-08-17T19:13:03.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:37.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0986 (GCVE-0-2020-0986)

    Vulnerability from nvd – Published: 2020-06-09 19:43 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 2004 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:18:03.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0986",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:01:08.808827Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0986"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:42.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0986"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-0986 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 2004 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 2004 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 2004 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 2004 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-23T19:06:10.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0986",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 2004 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 2004 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 2004 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 2004 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986"
                },
                {
                  "name": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0986",
        "datePublished": "2020-06-09T19:43:14.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:42.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1054 (GCVE-0-2020-1054)

    Vulnerability from nvd – Published: 2020-05-21 22:52 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:25:01.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/160515/Microsoft-Windows-DrawIconEx-Local-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-1054",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:14:00.273331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1054"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:43.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1054"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-1054 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1143."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-15T17:06:13.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/160515/Microsoft-Windows-DrawIconEx-Local-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-1054",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1143."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054"
                },
                {
                  "name": "http://packetstormsecurity.com/files/160515/Microsoft-Windows-DrawIconEx-Local-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/160515/Microsoft-Windows-DrawIconEx-Local-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-1054",
        "datePublished": "2020-05-21T22:52:50.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:43.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1027 (GCVE-0-2020-1027)

    Vulnerability from nvd – Published: 2020-04-15 15:13 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:25:00.878Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-1027",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:14:06.659846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1027"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:46.038Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1027"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-23T00:00:00.000Z",
                "value": "CVE-2020-1027 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-12T16:10:23.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-1027",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027"
                },
                {
                  "name": "http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-1027",
        "datePublished": "2020-04-15T15:13:29.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:46.038Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1020 (GCVE-0-2020-1020)

    Vulnerability from nvd – Published: 2020-04-15 15:13 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:25:00.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-1020",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:14:47.948142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1020"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:46.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1020"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-1020 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka \u0027Adobe Font Manager Library Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0938."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-15T15:13:27.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-1020",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka \u0027Adobe Font Manager Library Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0938."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-1020",
        "datePublished": "2020-04-15T15:13:27.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:46.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0938 (GCVE-0-2020-0938)

    Vulnerability from nvd – Published: 2020-04-15 15:12 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:18:03.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0938"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/161299/Apple-CoreText-libFontParser.dylib-Stack-Corruption.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0938",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T18:38:08.532789Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0938"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:46.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0938"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-0938 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka \u0027Adobe Font Manager Library Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1020."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-05T17:06:21.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0938"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/161299/Apple-CoreText-libFontParser.dylib-Stack-Corruption.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0938",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka \u0027Adobe Font Manager Library Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1020."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0938",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0938"
                },
                {
                  "name": "http://packetstormsecurity.com/files/161299/Apple-CoreText-libFontParser.dylib-Stack-Corruption.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/161299/Apple-CoreText-libFontParser.dylib-Stack-Corruption.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0938",
        "datePublished": "2020-04-15T15:12:55.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:46.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0787 (GCVE-0-2020-0787)

    Vulnerability from nvd – Published: 2020-03-12 15:48 – Updated: 2025-10-21 23:35
    VLAI CISA ENISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:11:05.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0787",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:15:57.792378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-01-28",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0787"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:48.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0787"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-01-28T00:00:00.000Z",
                "value": "CVE-2020-0787 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka \u0027Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-11T18:06:06.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0787",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka \u0027Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787"
                },
                {
                  "name": "http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0787",
        "datePublished": "2020-03-12T15:48:16.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:48.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0683 (GCVE-0-2020-0683)

    Vulnerability from nvd – Published: 2020-02-11 21:22 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:11:05.557Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0683",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:16:53.203610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0683"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:51.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0683"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-0683 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0686."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-20T16:53:21.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0683",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0686."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0683",
        "datePublished": "2020-02-11T21:22:57.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:51.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0638 (GCVE-0-2020-0638)

    Vulnerability from nvd – Published: 2020-01-14 23:11 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server Affected: 2019
    Affected: 2019 (Core installation)
    Affected: version 1803 (Core Installation)
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:11:04.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0638",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:20:05.875582Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0638"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:53.819Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0638"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-23T00:00:00.000Z",
                "value": "CVE-2020-0638 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Update Notification Manager Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-14T23:11:35.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0638",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Update Notification Manager Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0638",
        "datePublished": "2020-01-14T23:11:35.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:53.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0601 (GCVE-0-2020-0601)

    Vulnerability from nvd – Published: 2020-01-14 23:11 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:11:04.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0601",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:27:42.659796Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0601"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:53.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0601"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-0601 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka \u0027Windows CryptoAPI Spoofing Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-16T17:06:04.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0601",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka \u0027Windows CryptoAPI Spoofing Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0601",
        "datePublished": "2020-01-14T23:11:20.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:53.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1405 (GCVE-0-2019-1405)

    Vulnerability from nvd – Published: 2019-11-12 18:53 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:20:26.847Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155723/Microsoft-UPnP-Local-Privilege-Elevation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1405",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:29:36.885227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1405"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:58.095Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1405"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1405 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka \u0027Windows UPnP Service Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-18T23:05:59.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155723/Microsoft-UPnP-Local-Privilege-Elevation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1405",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka \u0027Windows UPnP Service Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155723/Microsoft-UPnP-Local-Privilege-Elevation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155723/Microsoft-UPnP-Local-Privilege-Elevation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1405",
        "datePublished": "2019-11-12T18:53:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:58.095Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1388 (GCVE-0-2019-1388)

    Vulnerability from nvd – Published: 2019-11-12 18:52 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:30.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-975/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1388",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:12:26.687236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-04-07",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1388"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:58.261Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1388"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-04-07T00:00:00.000Z",
                "value": "CVE-2019-1388 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka \u0027Windows Certificate Dialog Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T00:06:50.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-975/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1388",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka \u0027Windows Certificate Dialog Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-975/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-975/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1388",
        "datePublished": "2019-11-12T18:52:54.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:58.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1385 (GCVE-0-2019-1385)

    Vulnerability from nvd – Published: 2019-11-12 18:52 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:30.512Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-979/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1385",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:07:32.792832Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1385"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:58.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1385"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-23T00:00:00.000Z",
                "value": "CVE-2019-1385 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka \u0027Windows AppX Deployment Extensions Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T00:06:46.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-979/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1385",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka \u0027Windows AppX Deployment Extensions Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-979/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-979/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1385",
        "datePublished": "2019-11-12T18:52:54.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:58.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1315 (GCVE-0-2019-1315)

    Vulnerability from nvd – Published: 2019-10-10 13:28 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:30.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1315",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:07:47.421401Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1315"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:29.583Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1315"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1315 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T13:28:40.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1315",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1315",
        "datePublished": "2019-10-10T13:28:40.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:29.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38396 (GCVE-0-2022-38396)

    Vulnerability from cvelistv5 – Published: 2023-02-03 16:53 – Updated: 2025-03-25 20:40
    VLAI
    Summary
    HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP Factory Preinstalled Windows 10 20H2 Images Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:54:03.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/ie-en/document/ish_7620368-7620413-16"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38396",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T20:40:13.058763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T20:40:17.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP Factory Preinstalled Windows 10 20H2 Images",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-12T01:45:42.615Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/ie-en/document/ish_7620368-7620413-16"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-38396",
        "datePublished": "2023-02-03T16:53:47.447Z",
        "dateReserved": "2022-08-17T21:59:36.745Z",
        "dateUpdated": "2025-03-25T20:40:17.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1464 (GCVE-0-2020-1464)

    Vulnerability from cvelistv5 – Published: 2020-08-17 19:13 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Title
    Windows Spoofing Vulnerability
    Summary
    A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1803 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1709 for 32-bit Systems Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1709 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < publication (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2020-08-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:39:09.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-1464",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T18:42:38.870747Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1464"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-347",
                    "description": "CWE-347 Improper Verification of Cryptographic Signature",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:37.819Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1464"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-1464 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1803",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 1709 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1709",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-08-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.\nIn an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.\nThe update addresses the vulnerability by correcting how Windows validates file signatures."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T16:32:23.703Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html"
            }
          ],
          "title": "Windows Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-1464",
        "datePublished": "2020-08-17T19:13:03.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:37.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0986 (GCVE-0-2020-0986)

    Vulnerability from cvelistv5 – Published: 2020-06-09 19:43 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 2004 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:18:03.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0986",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:01:08.808827Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0986"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:42.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0986"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-0986 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 2004 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 2004 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 2004 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 2004 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-23T19:06:10.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0986",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 2004 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 2004 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 2004 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 2004 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986"
                },
                {
                  "name": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0986",
        "datePublished": "2020-06-09T19:43:14.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:42.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1054 (GCVE-0-2020-1054)

    Vulnerability from cvelistv5 – Published: 2020-05-21 22:52 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:25:01.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/160515/Microsoft-Windows-DrawIconEx-Local-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-1054",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:14:00.273331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1054"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:43.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1054"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-1054 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1143."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-15T17:06:13.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/160515/Microsoft-Windows-DrawIconEx-Local-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-1054",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1143."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054"
                },
                {
                  "name": "http://packetstormsecurity.com/files/160515/Microsoft-Windows-DrawIconEx-Local-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/160515/Microsoft-Windows-DrawIconEx-Local-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-1054",
        "datePublished": "2020-05-21T22:52:50.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:43.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1027 (GCVE-0-2020-1027)

    Vulnerability from cvelistv5 – Published: 2020-04-15 15:13 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:25:00.878Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-1027",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:14:06.659846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1027"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:46.038Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1027"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-23T00:00:00.000Z",
                "value": "CVE-2020-1027 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-12T16:10:23.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-1027",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027"
                },
                {
                  "name": "http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-1027",
        "datePublished": "2020-04-15T15:13:29.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:46.038Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1020 (GCVE-0-2020-1020)

    Vulnerability from cvelistv5 – Published: 2020-04-15 15:13 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:25:00.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-1020",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:14:47.948142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1020"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:46.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1020"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-1020 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka \u0027Adobe Font Manager Library Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0938."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-15T15:13:27.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-1020",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka \u0027Adobe Font Manager Library Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0938."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-1020",
        "datePublished": "2020-04-15T15:13:27.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:46.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0938 (GCVE-0-2020-0938)

    Vulnerability from cvelistv5 – Published: 2020-04-15 15:12 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:18:03.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0938"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/161299/Apple-CoreText-libFontParser.dylib-Stack-Corruption.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0938",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T18:38:08.532789Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0938"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:46.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0938"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-0938 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka \u0027Adobe Font Manager Library Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1020."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-05T17:06:21.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0938"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/161299/Apple-CoreText-libFontParser.dylib-Stack-Corruption.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0938",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka \u0027Adobe Font Manager Library Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1020."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0938",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0938"
                },
                {
                  "name": "http://packetstormsecurity.com/files/161299/Apple-CoreText-libFontParser.dylib-Stack-Corruption.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/161299/Apple-CoreText-libFontParser.dylib-Stack-Corruption.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0938",
        "datePublished": "2020-04-15T15:12:55.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:46.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0787 (GCVE-0-2020-0787)

    Vulnerability from cvelistv5 – Published: 2020-03-12 15:48 – Updated: 2025-10-21 23:35
    VLAI CISA ENISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:11:05.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0787",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:15:57.792378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-01-28",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0787"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:48.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0787"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-01-28T00:00:00.000Z",
                "value": "CVE-2020-0787 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka \u0027Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-11T18:06:06.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0787",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka \u0027Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787"
                },
                {
                  "name": "http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0787",
        "datePublished": "2020-03-12T15:48:16.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:48.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0683 (GCVE-0-2020-0683)

    Vulnerability from cvelistv5 – Published: 2020-02-11 21:22 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:11:05.557Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0683",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:16:53.203610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0683"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:51.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0683"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-0683 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0686."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-20T16:53:21.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0683",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0686."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0683",
        "datePublished": "2020-02-11T21:22:57.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:51.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0638 (GCVE-0-2020-0638)

    Vulnerability from cvelistv5 – Published: 2020-01-14 23:11 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server Affected: 2019
    Affected: 2019 (Core installation)
    Affected: version 1803 (Core Installation)
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:11:04.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0638",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:20:05.875582Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0638"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:53.819Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0638"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-23T00:00:00.000Z",
                "value": "CVE-2020-0638 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Update Notification Manager Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-14T23:11:35.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0638",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Update Notification Manager Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0638",
        "datePublished": "2020-01-14T23:11:35.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:53.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0601 (GCVE-0-2020-0601)

    Vulnerability from cvelistv5 – Published: 2020-01-14 23:11 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1909 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:11:04.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0601",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:27:42.659796Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0601"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:53.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0601"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-0601 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1909 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1909 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka \u0027Windows CryptoAPI Spoofing Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-16T17:06:04.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0601",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1909 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka \u0027Windows CryptoAPI Spoofing Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0601",
        "datePublished": "2020-01-14T23:11:20.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:53.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1405 (GCVE-0-2019-1405)

    Vulnerability from cvelistv5 – Published: 2019-11-12 18:53 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:20:26.847Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155723/Microsoft-UPnP-Local-Privilege-Elevation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1405",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T15:29:36.885227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1405"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:58.095Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1405"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1405 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka \u0027Windows UPnP Service Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-18T23:05:59.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155723/Microsoft-UPnP-Local-Privilege-Elevation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1405",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka \u0027Windows UPnP Service Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155723/Microsoft-UPnP-Local-Privilege-Elevation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155723/Microsoft-UPnP-Local-Privilege-Elevation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1405",
        "datePublished": "2019-11-12T18:53:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:58.095Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1385 (GCVE-0-2019-1385)

    Vulnerability from cvelistv5 – Published: 2019-11-12 18:52 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:30.512Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-979/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1385",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:07:32.792832Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1385"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:58.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1385"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-23T00:00:00.000Z",
                "value": "CVE-2019-1385 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka \u0027Windows AppX Deployment Extensions Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T00:06:46.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-979/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1385",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka \u0027Windows AppX Deployment Extensions Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-979/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-979/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1385",
        "datePublished": "2019-11-12T18:52:54.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:58.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1388 (GCVE-0-2019-1388)

    Vulnerability from cvelistv5 – Published: 2019-11-12 18:52 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:30.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-975/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1388",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:12:26.687236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-04-07",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1388"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:58.261Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1388"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-04-07T00:00:00.000Z",
                "value": "CVE-2019-1388 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka \u0027Windows Certificate Dialog Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T00:06:50.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-975/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1388",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka \u0027Windows Certificate Dialog Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-975/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-975/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1388",
        "datePublished": "2019-11-12T18:52:54.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:58.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1315 (GCVE-0-2019-1315)

    Vulnerability from cvelistv5 – Published: 2019-10-10 13:28 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:30.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1315",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:07:47.421401Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1315"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:29.583Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1315"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1315 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T13:28:40.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1315",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1315",
        "datePublished": "2019-10-10T13:28:40.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:29.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }