CVE-2020-0941

Опубликовано: 11 сент. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application.

The security update addresses the vulnerability by correcting how win32k handles objects in memory.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0941
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0941
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01063

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-0941

CVSS3: 5.5

msrc

почти 5 лет назад

Win32k Information Disclosure Vulnerability

GHSA-3g9r-qc5h-97f4

CVSS3: 5.5

github

около 3 лет назад

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1250.

BDU:2020-04322

CVSS3: 5.5

fstec

почти 5 лет назад

Уязвимость компонента win32k операционной системы Windows, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 77%

0.01063

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

NVD-CWE-noinfo