CVE-2020-0675
https://notcve.org/view.php?id=CVE-2020-0675
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756. Se presenta una vulnerabilidad de divulgación de información en el servicio Cryptography Next Generation (CNG) cuando no puede manejar apropiadamente los objetos en la memoria. Para explotar esta vulnerabilidad, un atacante tendría que iniciar sesión en un sistema afectado y ejecutar una aplicación especialmente diseñada. La actualización de seguridad aborda esta vulnerabilidad mediante la corrección de cómo el servicio maneja los objetos en la memoria, también se conoce como "Windows Key Isolation Service Information Disclosure Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0675 •
CVE-2020-0673
https://notcve.org/view.php?id=CVE-2020-0673
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. Se presenta una vulnerabilidad de ejecución de código remota en la manera en que el motor de script maneja los objetos en la memoria en Internet Explorer, también se conoce como ""Scripting Engine Memory Corruption Vulnerability"". Este ID de CVE es diferente de CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0673 • CWE-787: Out-of-bounds Write •
CVE-2020-0674 – Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-0674
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. Se presenta una vulnerabilidad de ejecución de código remota en la manera en que el motor de scripting maneja los objetos en la memoria en Internet Explorer, también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID de CVE es diferente de CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. • https://www.exploit-db.com/exploits/49062 https://www.exploit-db.com/exploits/49863 https://github.com/maxpl0it/CVE-2020-0674-Exploit https://github.com/Ken-Abruzzi/CVE-2020-0674 https://github.com/Neko-chanQwQ/CVE-2020-0674-PoC http://packetstormsecurity.com/files/159137/Microsoft-Internet-Explorer-11-Use-After-Free.html http://packetstormsecurity.com/files/161309/Microsoft-Internet-Explorer-11-Use-After-Free.html http://packetstormsecurity.com/files/162565/Microsoft-Internet-Explorer-8-11-Use • CWE-416: Use After Free •
CVE-2020-0668 – Microsoft Windows Service Tracing Arbitrary File Move Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-0668
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672. Se presenta una vulnerabilidad de elevación de privilegios en la manera en que el kernel de Windows maneja los objetos en la memoria, también se conoce como "Windows Kernel Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. • https://github.com/RedCursorSecurityConsulting/CVE-2020-0668 https://github.com/ycdxsb/CVE-2020-0668 https://github.com/Nan3r/CVE-2020-0668 https://github.com/bypazs/CVE-2020-0668.exe http://packetstormsecurity.com/files/156576/Microsoft-Windows-Kernel-Privilege-Escalation.html http://packetstormsecurity.com/files/157615/Service-Tracing-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0668 https://www.zerodayinitiative.com/advisories/ZDI-20-257 https: • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-0666
https://notcve.org/view.php?id=CVE-2020-0666
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0667, CVE-2020-0735, CVE-2020-0752. Se presenta una vulnerabilidad de elevación de privilegios en la manera en que Windows Search Indexer maneja los objetos en la memoria, también se conoce como "Windows Search Indexer Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-0667, CVE-2020-0735, CVE-2020-0752. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0666 •