CVE-2020-0875 – Microsoft splwow64 Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-0875
<p>An information disclosure vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system (low-integrity to medium-integrity).</p> <p>This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.</p> <p>The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.</p> Se presenta una vulnerabilidad de divulgación de información en la manera en que el archivo splwow64.exe maneja determinadas llamadas, también se conoce como "Microsoft splwow64 Information Disclosure Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0875 •
CVE-2020-0870 – Shell infrastructure component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0870
<p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses the vulnerability by correcting the way in which the Shell infrastructure component handles objects in memory and preventing unintended elevation from lower integrity application. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0870 •
CVE-2020-0839 – Windows dnsrslvr.dll Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0839
<p>An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.</p> Se presenta una vulnerabilidad de escalada de privilegios en la manera en que la biblioteca dnsrslvr.dll maneja objetos en memoria, también se conoce como "Windows dnsrslvr.dll Elevation of Privilege Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0839 •
CVE-2020-0838 – NTFS Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0838
<p>An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how NTFS checks access.</p> Se presenta una vulnerabilidad de escalada de privilegios cuando NTFS comprueba el acceso inapropiadamente, también se conoce como "NTFS Elevation of Privilege Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0838 •
CVE-2020-0790 – Microsoft splwow64 Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-0790
<p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.</p> <p>This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.</p> <p>The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls..</p> Se presenta una vulnerabilidad de elevación de privilegios local en como el archivo splwow64.exe maneja determinadas llamadas, también se conoce como "Microsoft splwow64 Elevation of Privilege Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0790 •