Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-562
Vulnerability from certfr_avis - Published: 2020-09-09 - Updated: 2020-09-09
De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une exécution de code à distance, un contournement de la fonctionnalité de sécurité, une atteinte à la confidentialité des données, un déni de service, une élévation de privilèges et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows Server 2008 pour x64 Systems Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows 10 Version 2004 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 1709 pour x64 Systems | ||
| Microsoft | Windows | Windows 10 Version 1909 pour ARM64-based Systems | ||
| Microsoft | Windows | Windows 10 pour x64 Systems | ||
| Microsoft | Windows | Windows Server 2019 (Server Core installation) | ||
| Microsoft | Windows | Windows Server, version 2004 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2019 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows 10 Version 1803 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server, version 1803 (Server Core Installation) | ||
| Microsoft | Windows | Windows 10 Version 1903 pour x64 Systems | ||
| Microsoft | Windows | Windows 10 Version 1709 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1903 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 2004 pour x64 Systems | ||
| Microsoft | Windows | Windows 10 Version 1909 pour x64 Systems | ||
| Microsoft | Windows | Windows 8.1 pour x64 systems | ||
| Microsoft | Windows | Windows RT 8.1 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour ARM64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1809 pour x64 Systems | ||
| Microsoft | Windows | Windows 10 Version 1709 pour ARM64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1803 pour x64 Systems | ||
| Microsoft | Windows | Windows 10 Version 2004 pour ARM64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1909 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | OneDrive pour Windows | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1803 pour ARM64-based Systems | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 | ||
| Microsoft | Windows | Windows Server, version 1909 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour x64 Systems Service Pack 1 | ||
| Microsoft | Windows | Windows 10 Version 1903 pour ARM64-based Systems | ||
| Microsoft | Windows | Windows 8.1 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 1607 pour x64 Systems | ||
| Microsoft | Windows | Windows 7 pour x64 Systems Service Pack 1 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour x64 Systems Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 7 pour systèmes 32 bits Service Pack 1 | ||
| Microsoft | Windows | Windows Server 2008 pour x64 Systems Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows Server, version 1903 (Server Core installation) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2008 pour x64 Systems Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 2004 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1709 pour x64 Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1909 pour ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour x64 Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server, version 2004 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1803 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server, version 1803 (Server Core Installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1903 pour x64 Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1709 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1903 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 2004 pour x64 Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1909 pour x64 Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 pour x64 systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows RT 8.1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour x64 Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1709 pour ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1803 pour x64 Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 2004 pour ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1909 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "OneDrive pour Windows",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1803 pour ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server, version 1909 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour x64 Systems Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1903 pour ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour x64 Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 pour x64 Systems Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour x64 Systems Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 pour syst\u00e8mes 32 bits Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour x64 Systems Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server, version 1903 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-0648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0648"
},
{
"name": "CVE-2020-1030",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1030"
},
{
"name": "CVE-2020-1052",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1052"
},
{
"name": "CVE-2020-1091",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1091"
},
{
"name": "CVE-2020-0928",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0928"
},
{
"name": "CVE-2020-0904",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0904"
},
{
"name": "CVE-2020-0836",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0836"
},
{
"name": "CVE-2020-0837",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0837"
},
{
"name": "CVE-2020-0886",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0886"
},
{
"name": "CVE-2020-1491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1491"
},
{
"name": "CVE-2020-1252",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1252"
},
{
"name": "CVE-2020-1508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1508"
},
{
"name": "CVE-2020-0921",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0921"
},
{
"name": "CVE-2020-1031",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1031"
},
{
"name": "CVE-2020-1228",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1228"
},
{
"name": "CVE-2020-0890",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0890"
},
{
"name": "CVE-2020-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0839"
},
{
"name": "CVE-2020-1256",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1256"
},
{
"name": "CVE-2020-0838",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0838"
},
{
"name": "CVE-2020-0941",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0941"
},
{
"name": "CVE-2020-0922",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0922"
},
{
"name": "CVE-2020-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1559"
},
{
"name": "CVE-2020-1169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1169"
},
{
"name": "CVE-2020-1038",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1038"
},
{
"name": "CVE-2020-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1098"
},
{
"name": "CVE-2020-16852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16852"
},
{
"name": "CVE-2020-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1074"
},
{
"name": "CVE-2020-0870",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0870"
},
{
"name": "CVE-2020-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1159"
},
{
"name": "CVE-2020-0782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0782"
},
{
"name": "CVE-2020-1245",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1245"
},
{
"name": "CVE-2020-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1013"
},
{
"name": "CVE-2020-1532",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1532"
},
{
"name": "CVE-2020-0989",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0989"
},
{
"name": "CVE-2020-1130",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1130"
},
{
"name": "CVE-2020-1034",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1034"
},
{
"name": "CVE-2020-1129",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1129"
},
{
"name": "CVE-2020-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1376"
},
{
"name": "CVE-2020-16854",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16854"
},
{
"name": "CVE-2020-1152",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1152"
},
{
"name": "CVE-2020-0951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0951"
},
{
"name": "CVE-2020-1507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1507"
},
{
"name": "CVE-2020-0664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0664"
},
{
"name": "CVE-2020-16879",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16879"
},
{
"name": "CVE-2020-0998",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0998"
},
{
"name": "CVE-2020-16853",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16853"
},
{
"name": "CVE-2020-1133",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1133"
},
{
"name": "CVE-2020-1097",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1097"
},
{
"name": "CVE-2020-0911",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0911"
},
{
"name": "CVE-2020-1308",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1308"
},
{
"name": "CVE-2020-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0718"
},
{
"name": "CVE-2020-1285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1285"
},
{
"name": "CVE-2020-0856",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0856"
},
{
"name": "CVE-2020-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1319"
},
{
"name": "CVE-2020-0914",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0914"
},
{
"name": "CVE-2020-0805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0805"
},
{
"name": "CVE-2020-1598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1598"
},
{
"name": "CVE-2020-1033",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1033"
},
{
"name": "CVE-2020-1303",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1303"
},
{
"name": "CVE-2020-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0908"
},
{
"name": "CVE-2020-1083",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1083"
},
{
"name": "CVE-2020-1119",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1119"
},
{
"name": "CVE-2020-0997",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0997"
},
{
"name": "CVE-2020-1250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1250"
},
{
"name": "CVE-2020-16851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16851"
},
{
"name": "CVE-2020-1146",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1146"
},
{
"name": "CVE-2020-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1122"
},
{
"name": "CVE-2020-1596",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1596"
},
{
"name": "CVE-2020-1115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1115"
},
{
"name": "CVE-2020-1590",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1590"
},
{
"name": "CVE-2020-0790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0790"
},
{
"name": "CVE-2020-0766",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0766"
},
{
"name": "CVE-2020-1593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1593"
},
{
"name": "CVE-2020-0875",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0875"
},
{
"name": "CVE-2020-1039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1039"
},
{
"name": "CVE-2020-1592",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1592"
},
{
"name": "CVE-2020-1053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1053"
},
{
"name": "CVE-2020-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1471"
},
{
"name": "CVE-2020-0761",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0761"
},
{
"name": "CVE-2020-1589",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1589"
},
{
"name": "CVE-2020-0912",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0912"
}
],
"initial_release_date": "2020-09-09T00:00:00",
"last_revision_date": "2020-09-09T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-562",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code \u00e0 distance, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es, un d\u00e9ni de service, une \u00e9l\u00e9vation de privil\u00e8ges et une\nusurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 septembre 2020",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CVE-2020-0912 (GCVE-0-2020-0912)
Vulnerability from cvelistv5 – Published: 2020-09-11 17:08 – Updated: 2024-08-04 06:18
VLAI
EPSS
Title
Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
Summary
<p>An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.</p>
<p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p>
<p>The security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory.</p>
Severity
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
30 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 7 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:* |
|
| Microsoft | Windows 7 Service Pack 1 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* |
|
| Microsoft | Windows 8.1 |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:* |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:* |
Date Public
2020-09-08 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0912"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 7 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.\u003c/p\u003e\n\u003cp\u003eTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T21:34:27.517Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0912"
}
],
"title": "Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0912",
"datePublished": "2020-09-11T17:08:30.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:18:03.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0914 (GCVE-0-2020-0914)
Vulnerability from cvelistv5 – Published: 2020-09-11 17:08 – Updated: 2024-08-04 06:18
VLAI
EPSS
Title
Windows State Repository Service Information Disclosure Vulnerability
Summary
<p>An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>
<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>
<p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p>
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
Date Public
2020-09-08 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0914"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\u003c/p\u003e\n\u003cp\u003eAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T21:34:28.175Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0914"
}
],
"title": "Windows State Repository Service Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0914",
"datePublished": "2020-09-11T17:08:30.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:18:03.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0921 (GCVE-0-2020-0921)
Vulnerability from cvelistv5 – Published: 2020-09-11 17:08 – Updated: 2024-08-04 06:18
VLAI
EPSS
Title
Microsoft Graphics Component Denial of Service Vulnerability
Summary
Microsoft Graphics Component Denial of Service Vulnerability
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
30 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 7 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:* |
|
| Microsoft | Windows 7 Service Pack 1 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* |
|
| Microsoft | Windows 8.1 |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:* |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:* |
Date Public
2020-09-08 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 7 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Graphics Component Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T21:34:28.678Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0921"
}
],
"title": "Microsoft Graphics Component Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0921",
"datePublished": "2020-09-11T17:08:31.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:18:03.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0922 (GCVE-0-2020-0922)
Vulnerability from cvelistv5 – Published: 2020-09-11 17:08 – Updated: 2024-08-04 06:18
VLAI
EPSS
Title
Microsoft COM for Windows Remote Code Execution Vulnerability
Summary
<p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p>
<p>To exploit the vulnerability, a user would have to open a specially crafted file or lure the target to a website hosting malicious JavaScript.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.</p>
Severity
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
30 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 7 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:* |
|
| Microsoft | Windows 7 Service Pack 1 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* |
|
| Microsoft | Windows 8.1 |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:* |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:* |
Date Public
2020-09-08 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0922"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 7 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eA remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, a user would have to open a specially crafted file or lure the target to a website hosting malicious JavaScript.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T21:34:29.200Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0922"
}
],
"title": "Microsoft COM for Windows Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0922",
"datePublished": "2020-09-11T17:08:31.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:18:03.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0928 (GCVE-0-2020-0928)
Vulnerability from cvelistv5 – Published: 2020-09-11 17:08 – Updated: 2024-08-04 06:18
VLAI
EPSS
Title
Windows Kernel Information Disclosure Vulnerability
Summary
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>
<p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p>
<p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p>
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
Date Public
2020-09-08 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0928"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\u003c/p\u003e\n\u003cp\u003eTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T21:34:29.716Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0928"
}
],
"title": "Windows Kernel Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0928",
"datePublished": "2020-09-11T17:08:32.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:18:03.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0941 (GCVE-0-2020-0941)
Vulnerability from cvelistv5 – Published: 2020-09-11 17:08 – Updated: 2024-08-04 06:18
VLAI
EPSS
Title
Win32k Information Disclosure Vulnerability
Summary
<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.</p>
<p>To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application.</p>
<p>The security update addresses the vulnerability by correcting how win32k handles objects in memory.</p>
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
23 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 8.1 |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:* |
Date Public
2020-09-08 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0941"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by correcting how win32k handles objects in memory.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T21:34:30.210Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0941"
}
],
"title": "Win32k Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0941",
"datePublished": "2020-09-11T17:08:32.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:18:03.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0951 (GCVE-0-2020-0951)
Vulnerability from cvelistv5 – Published: 2020-09-11 17:08 – Updated: 2024-08-04 06:18
VLAI
EPSS
Title
Windows Defender Application Control Security Feature Bypass Vulnerability
Summary
<p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.</p>
<p>To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code.</p>
<p>The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled.</p>
Severity
CWE
- Security Feature Bypass
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
19 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | PowerShell 7.0 |
Affected:
7.0.0 , < 7.0.8
(custom)
cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:* |
|
| Microsoft | PowerShell 7.1 |
Affected:
7.1.0 , < 7.1.5
(custom)
cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:* |
Date Public
2020-09-08 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0951"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "PowerShell 7.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.1.5",
"status": "affected",
"version": "7.1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eA security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T21:34:30.718Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0951"
}
],
"title": "Windows Defender Application Control Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0951",
"datePublished": "2020-09-11T17:08:33.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:18:03.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0989 (GCVE-0-2020-0989)
Vulnerability from cvelistv5 – Published: 2020-09-11 17:08 – Updated: 2024-08-04 06:18
VLAI
EPSS
Title
Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
Summary
<p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and access files.</p>
<p>The security update addresses the vulnerability by correcting the how Windows MDM Diagnostics handles files.</p>
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
Date Public
2020-09-08 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files.\u003c/p\u003e\n\u003cp\u003eTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and access files.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by correcting the how Windows MDM Diagnostics handles files.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T21:34:31.255Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0989"
}
],
"title": "Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0989",
"datePublished": "2020-09-11T17:08:33.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:18:03.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0997 (GCVE-0-2020-0997)
Vulnerability from cvelistv5 – Published: 2020-09-11 17:08 – Updated: 2024-08-04 06:18
VLAI
EPSS
Title
Windows Camera Codec Pack Remote Code Execution Vulnerability
Summary
<p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of the Windows Camera Codec Pack. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how the Windows Camera Codec Pack handles objects in memory.</p>
Severity
CWE
- Remote Code Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
Date Public
2020-09-08 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0997"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1175/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"ARM64-based Systems",
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"x64-based Systems",
"32-bit Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eA remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\u003c/p\u003e\n\u003cp\u003eExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of the Windows Camera Codec Pack. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by correcting how the Windows Camera Codec Pack handles objects in memory.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T21:34:31.780Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0997"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1175/"
}
],
"title": "Windows Camera Codec Pack Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0997",
"datePublished": "2020-09-11T17:08:34.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:18:03.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0998 (GCVE-0-2020-0998)
Vulnerability from cvelistv5 – Published: 2020-09-11 17:08 – Updated: 2024-11-18 17:44
VLAI
EPSS
Title
Windows Graphics Component Elevation of Privilege Vulnerability
Summary
<p>An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>
<p>In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system.</p>
<p>The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.</p>
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
22 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 8.1 |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:* |
Date Public
2020-09-08 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0998"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-0998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-10T18:26:18.362106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T17:44:29.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\u003c/p\u003e\n\u003cp\u003eIn a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T21:34:32.295Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0998"
}
],
"title": "Windows Graphics Component Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0998",
"datePublished": "2020-09-11T17:08:34.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-11-18T17:44:29.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…