AttackerKBAKB:4D0C4C5F-A938-4DC3-970F-F163624E08CCCVE-2020-0791
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0898.
Recent assessments:
zeroSteiner at April 24, 2020 10:02pm UTC reported:
An out of bounds dereference exists within the kernel-mode function win32kfull!vStrWrite01 that can be triggered from user-mode by calling gdi32!StretchBlt with a specially sized canvas and a specific raster operation (SRCERASE).
StretchBlt(hdc, 0x0, 0x2, 0x100, 0x1, hdc, 0x0, 0x0, 0x400, 0x8000, SRCERASE)
The vulnerability could be leveraged as an information leak.
Assessed Attacker Value: 2
Assessed Attacker Value: 2Assessed Attacker Value: 2
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C