CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

This is a Privilege Escalation vulnerability in all modern versions of Windows and appears to relate to a function in splwow64.exe. Very little has been released on the technical details of the vulnerability, but the effects are fairly large. All versions of Windows after Server 2008 R2 are affected, including ARM versions. I'm very curious as to what the details are, as I think of only x64 versions when I look at splwow64.exe.
Recent assessments:
bwatters-r7 at July 10, 2019 3:11pm UTC reported:
This is very hard to quantify in any way given the lack of reporting on the internal workings. It is a Priv Esc that affects all recent versions of Windows, though, so it would be a concern. I have seen no PoC for it, though it was used in the wild.
asoto-r7 at July 24, 2019 7:06pm UTC reported:
This is very hard to quantify in any way given the lack of reporting on the internal workings. It is a Priv Esc that affects all recent versions of Windows, though, so it would be a concern. I have seen no PoC for it, though it was used in the wild.
zeroSteiner at May 28, 2020 10:10pm UTC reported:
This is very hard to quantify in any way given the lack of reporting on the internal workings. It is a Priv Esc that affects all recent versions of Windows, though, so it would be a concern. I have seen no PoC for it, though it was used in the wild.
gwillcox-r7 at November 22, 2020 2:46am UTC reported:
This is very hard to quantify in any way given the lack of reporting on the internal workings. It is a Priv Esc that affects all recent versions of Windows, though, so it would be a concern. I have seen no PoC for it, though it was used in the wild.
Assessed Attacker Value: 3