CVE-2020-0875

Опубликовано: 11 сент. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Средний

Описание

An information disclosure vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system (low-integrity to medium-integrity).

This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.

The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0875
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0875
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.22378

Средний

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-0875

CVSS3: 5.5

msrc

почти 5 лет назад

Microsoft splwow64 Information Disclosure Vulnerability

GHSA-fqx6-v4f3-6f2w

CVSS3: 5.5

github

около 3 лет назад

An information disclosure vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Information Disclosure Vulnerability'.

BDU:2020-04366

CVSS3: 5.5

fstec

почти 5 лет назад

Уязвимость исполняемого файла splwow64.exe операционных систем Microsoft Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 96%

0.22378

Средний

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo