CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-16909 – Windows Error Reporting Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-16909
<p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.</p> <p>An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting the way that WER handles and executes files. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16909 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-16907 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-16907
<p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16907 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-16905 – Windows Error Reporting Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-16905
<p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.</p> <p>An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting the way that WER handles and executes files. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16905 •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-16902 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-16902
<p>An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.</p> Se presenta una vulnerabilidad de escalada de privilegios en Windows Installer cuando el Windows Installer presenta un fallo al sanear apropiadamente la entrada conllevando a un comportamiento de carga de biblioteca no seguro. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16902 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-16900 – Windows Event System Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-16900
<p>An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p> <p>The security update addresses the vulnerability by correcting how the Windows Event System handles objects in memory.</p> Se presenta una vulnerabilidad de escalada de privilegios cuando Windows Event System maneja inapropiadamente objetos en memoria. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16900 •