CVE-2020-1507

Опубликовано: 11 сент. 2020

Источник: nvd

CVSS3: 7.9

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.

To exploit the vulnerability, a user would have to open a specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1507
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1507
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01074

Низкий

7.9 High

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-1507

CVSS3: 7.9

msrc

почти 5 лет назад

Microsoft COM for Windows Elevation of Privilege Vulnerability

GHSA-p24f-9hfj-fg7m

CVSS3: 7.9

github

около 3 лет назад

An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Elevation of Privilege Vulnerability'.

BDU:2020-04295

CVSS3: 7.9

fstec

почти 5 лет назад

Уязвимость компонента Microsoft COM операционных систем Windows, позволяющая нарушителю повысить привилегии

EPSS

Процентиль: 77%

0.01074

Низкий

7.9 High

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo