Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2020-1112

Опубликовано: 12 мая 2020
Источник: msrc
CVSS3: 8.5
EPSS Низкий

Описание

Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content. An attacker who successfully exploited this vulnerability could upload restricted file types to an IIS-hosted folder.

To exploit this vulnerability, an attacker would require permissions to upload files via BITS. An attacker could then submit a specially crafted request to upload a file.

The security update addresses the vulnerability by correcting how Windows BITS validates file names.

Обновления

ПродуктСтатьяОбновление
Windows Server 2008 for 32-bit Systems Service Pack 2
45568604556854
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2
45568604556854
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
45568604556854
Monthly RollupSecurity Only
Windows 7 for 32-bit Systems Service Pack 1
45568364556843
Monthly RollupSecurity Only
Windows 7 for x64-based Systems Service Pack 1
45568364556843
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
45568364556843
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1
45568364556843
Monthly RollupSecurity Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
45568604556854
Monthly RollupSecurity Only
Windows Server 2012
45568404556852
Monthly RollupSecurity Only
Windows Server 2012 (Server Core installation)
45568404556852
Monthly RollupSecurity Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 80%
0.01366
Низкий

8.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-1112

CVSS3: 9.9
nvd
больше 5 лет назад

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

github логотип

GHSA-2p7m-73cj-2m99

github
больше 3 лет назад

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

fstec логотип

BDU:2020-02309

CVSS3: 8.5
fstec
больше 5 лет назад

Уязвимость службы фоновой интеллектуальной передачи файлов между клиентом и HTTP-сервером Windows Background Intelligent Transfer Service (BITS) операционных систем Windows, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 80%
0.01366
Низкий

8.5 High

CVSS3