CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-16876 – Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-16876
<p>An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p> <p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the Windows Application Compatibility Client Library properly handles registry operations. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16876 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-16877 – Windows Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-16877
<p>An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and overwrite or delete files.</p> <p>The security update addresses the vulnerability by correcting how Windows handles reparse points. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16877 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-0764 – Windows Storage Services Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0764
<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p> <p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0764 •
CVSS: 9.3EPSS: 2%CPEs: 8EXPL: 0CVE-2020-16967 – Windows Camera Codec Pack Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-16967
<p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16967 •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2020-1598 – Windows UPnP Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1598
<p>An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.</p> <p>The update addresses the vulnerability by correcting how the Windows UPnP service handles objects in memory. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1598 •