CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-0839 – Windows dnsrslvr.dll Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0839
<p>An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.</p> Se presenta una vulnerabilidad de escalada de privilegios en la manera en que la biblioteca dnsrslvr.dll maneja objetos en memoria, también se conoce como "Windows dnsrslvr.dll Elevation of Privilege Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0839 •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2020-0838 – NTFS Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0838
<p>An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how NTFS checks access.</p> Se presenta una vulnerabilidad de escalada de privilegios cuando NTFS comprueba el acceso inapropiadamente, también se conoce como "NTFS Elevation of Privilege Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0838 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-0805 – Projected Filesystem Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-0805
<p>A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by correcting how Windows Projected Filesystem handle file redirections. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0805 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-0836 – Windows DNS Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-0836
<p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.</p> <p>To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service.</p> <p>The update addresses the vulnerability by correcting how Windows DNS processes queries.</p> Se presenta una vulnerabilidad de denegación de servicio en Windows DNS cuando presenta un fallo al manejar apropiadamente las consultas, también se conoce como "Windows DNS Denial of Service Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0836 •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2020-0790 – Microsoft splwow64 Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0790
<p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.</p> <p>This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.</p> <p>The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls..</p> Se presenta una vulnerabilidad de elevación de privilegios local en como el archivo splwow64.exe maneja determinadas llamadas, también se conoce como "Microsoft splwow64 Elevation of Privilege Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0790 •