CVE-2020-1385

Опубликовано: 14 июл. 2020

Источник: msrc

CVSS3: 4.5

EPSS Низкий

Описание

Windows Credential Picker Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by correcting how the Windows Credential Picker handles objects in memory.

Обновления

Продукт	Статья	Обновление
Windows Server 2012	4565537 4565535	Monthly Rollup Security Only
Windows Server 2012 (Server Core installation)	4565537 4565535	Monthly Rollup Security Only
Windows 8.1 for 32-bit systems	4565541 4565540	Monthly Rollup Security Only
Windows 8.1 for x64-based systems	4565541 4565540	Monthly Rollup Security Only
Windows Server 2012 R2	4565541 4565540	Monthly Rollup Security Only
Windows RT 8.1	4565541	-
Windows Server 2012 R2 (Server Core installation)	4565541 4565540	Monthly Rollup Security Only
Windows 10 for 32-bit Systems	4565513	Security Update
Windows 10 for x64-based Systems	4565513	Security Update
Windows Server 2016	4565511	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 47%

0.00243

Низкий

4.5 Medium

CVSS3

Связанные уязвимости

CVE-2020-1385

CVSS3: 7.8

nvd

больше 5 лет назад

An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory, aka 'Windows Credential Picker Elevation of Privilege Vulnerability'.

GHSA-c2w5-xj35-qmx4

github

больше 3 лет назад