CVE-2020-1337

Опубликовано: 17 авг. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Средний

Описание

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.

Ссылки

http://packetstormsecurity.com/files/160028/Microsoft-Windows-Local-Spooler-Bypass.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/160993/Microsoft-Spooler-Local-Privilege-Elevation.html
Exploit
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1337
Patch
Vendor Advisory
http://packetstormsecurity.com/files/160028/Microsoft-Windows-Local-Spooler-Bypass.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/160993/Microsoft-Spooler-Local-Privilege-Elevation.html
Exploit
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1337
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.53476

Средний

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-367

Связанные уязвимости

CVE-2020-1337

CVSS3: 7.8

msrc

почти 5 лет назад

Windows Print Spooler Elevation of Privilege Vulnerability

GHSA-9mv8-62q2-x7p7

CVSS3: 7.8

github

около 3 лет назад

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.

BDU:2020-04024

CVSS3: 7.8

fstec

почти 5 лет назад

Уязвимость службы диспетчера очереди печати операционной системы Windows, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 98%

0.53476

Средний

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-367