Page 38 of 1825 results (0.006 seconds)

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0

<p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.</p> <p>An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting the way that WER handles and executes files. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16909 •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

<p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16907 •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0

<p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.</p> <p>An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting the way that WER handles and executes files. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16905 •

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0

<p>An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.</p> Se presenta una vulnerabilidad de escalada de privilegios en Windows Installer cuando el Windows Installer presenta un fallo al sanear apropiadamente la entrada conllevando a un comportamiento de carga de biblioteca no seguro. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16902 • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1

<p>A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding.</p> <p>To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The vulnerability would not allow an attacker to execute code or to elevate user rights directly.</p> <p>The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets. • https://github.com/advanced-threat-research/CVE-2020-16899 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16899 •