An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0686.
Recent assessments:
J3rryBl4nks at March 03, 2020 3:13pm UTC reported:
This privilege escalation through how MSI packages handle symlinks is easily exploitable. Due to the POC being public: <https://github.com/padovah4ck/CVE-2020-0683> it is easy to craft your own exploits for this.
Any org without a good patching cadence.would be vulnerable to this as a valid privilege escalation vector.
cdelafuente-r7 at February 26, 2020 7:03pm UTC reported:
This privilege escalation through how MSI packages handle symlinks is easily exploitable. Due to the POC being public: <https://github.com/padovah4ck/CVE-2020-0683> it is easy to craft your own exploits for this.
Any org without a good patching cadence.would be vulnerable to this as a valid privilege escalation vector.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 4