CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2020-0790 – Microsoft splwow64 Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0790
<p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.</p> <p>This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.</p> <p>The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls..</p> Se presenta una vulnerabilidad de elevación de privilegios local en como el archivo splwow64.exe maneja determinadas llamadas, también se conoce como "Microsoft splwow64 Elevation of Privilege Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0790 •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2020-0782 – Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0782
<p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The security update addresses the vulnerability by addressing how the Windows Cryptographic Catalog Services handle objects in memory. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0782 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-0766 – Microsoft Store Runtime Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0766
<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p> <p>The security update addresses the vulnerability by correcting how the Microsoft Store Runtime handles memory.</p> Se presenta una vulnerabilidad de escalada de privilegios cuando Microsoft Store Runtime maneja inapropiadamente la memoria. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0766 •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2020-0648 – Windows RSoP Service Application Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0648
<p>An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p> <p>The security update addresses the vulnerability by correcting how the Windows RSoP Service Application handles memory.</p> Se presenta una vulnerabilidad de escalada de privilegios cuando el Windows RSoP Service Application maneja inapropiadamente la memoria. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0648 •
CVSS: 7.6EPSS: 4%CPEs: 13EXPL: 0CVE-2020-0908 – Windows Text Service Module Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-0908
<p>A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (Chromium-based), and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0908 •