CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-1379 – Media Foundation Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-1379
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. Se presenta una vulnerabilidad de corrupción de memoria cuando Windows Media Foundation maneja inapropiadamente objetos en memoria, también se conoce como "Media Foundation Memory Corruption Vulnerability". Este ID de CVE es diferente de CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1379 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 3%CPEs: 20EXPL: 0CVE-2020-1378 – Windows Registry Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1378
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory. Se presenta una vulnerabilidad de elevación de privilegios cuando la Windows Kernel API, maneja inapropiadamente los objetos de registro en memoria, también se conoce como "Windows Registry Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-1377. The handling of KTM logs when initializing a Registry Hive contains no bounds checks which results in privilege escalation. • http://packetstormsecurity.com/files/158939/Microsoft-Windows-CmpDoReadTxRBigLogRecord-Memory-Corruption-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1378 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-1377 – Windows Registry Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1377
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory. Se presenta una vulnerabilidad de elevación de privilegios cuando la Windows Kernel API, maneja inapropiadamente los objetos de registro en memoria, también se conoce como "Windows Registry Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-1378. The handling of KTM logs does not limit Registry Key operations to the loading hive leading to elevation of privilege. • http://packetstormsecurity.com/files/158938/Microsoft-Windows-CmpDoReDoCreateKey-Arbitrary-Registry-Key-Creation-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1377 •
CVSS: 9.3EPSS: 0%CPEs: 20EXPL: 0CVE-2020-1339 – Windows Media Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1339
A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. Se presenta una vulnerabilidad de ejecución de código remota cuando Windows Media Audio Codec, maneja inapropiadamente los objetos, también se conoce como "Windows Media Remote Code Execution Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1339 •
CVSS: 9.3EPSS: 2%CPEs: 22EXPL: 0CVE-2020-1046 – .NET Framework Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1046
A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input. Se presenta una vulnerabilidad de ejecución de código remota cuando Microsoft .NET Framework procesa una entrada, también se conoce como ".NET Framework Remote Code Execution Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1046 •