Lucene search

[email protected]CVE-2020-0941

HistorySep 11, 2020 - 5:15 p.m.

CVE-2020-0941

2020-09-1117:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve

information disclosure

vulnerability

win32k

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

8.7%

JSON

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application.
The security update addresses the vulnerability by correcting how win32k handles objects in memory.

VendorProductVersionCPE
microsoftwindows_10_180310.0.0cpe:2.3:o:microsoft:windows_10_1803:10.0.0:*:*:*:*:*:*:*
microsoftwindows_10_180910.0.0cpe:2.3:o:microsoft:windows_10_1809:10.0.0:*:*:*:*:*:*:*
microsoftwindows_server_201910.0.0cpe:2.3:o:microsoft:windows_server_2019:10.0.0:*:*:*:*:*:*:*
microsoftwindows_server_201910.0.0cpe:2.3:o:microsoft:windows_server_2019:10.0.0:*:*:*:*:*:*:*
microsoftwindows_10_190910.0.0cpe:2.3:o:microsoft:windows_10_1909:10.0.0:*:*:*:*:*:*:*
microsoftwindows_server,_version_190910.0.0cpe:2.3:o:microsoft:windows_server,_version_1909:10.0.0:*:*:*:*:*:*:*
microsoftwindows_10_1709 for 32-bit systems10.0.0cpe:2.3:o:microsoft:windows_10_1709 for 32-bit systems:10.0.0:*:*:*:*:*:*:*
microsoftwindows_10_170910.0.0cpe:2.3:o:microsoft:windows_10_1709:10.0.0:*:*:*:*:*:*:*
microsoftwindows_10_1903 for 32-bit systems10.0.0cpe:2.3:o:microsoft:windows_10_1903 for 32-bit systems:10.0.0:*:*:*:*:*:*:*
microsoftwindows_10_1903 for x64-based systems10.0.0cpe:2.3:o:microsoft:windows_10_1903 for x64-based systems:10.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_10_1803	10.0.0	cpe:2.3:o:microsoft:windows_10_1803:10.0.0:::::::*
microsoft	windows_10_1809	10.0.0	cpe:2.3:o:microsoft:windows_10_1809:10.0.0:::::::*
microsoft	windows_server_2019	10.0.0	cpe:2.3:o:microsoft:windows_server_2019:10.0.0:::::::*
microsoft	windows_server_2019	10.0.0	cpe:2.3:o:microsoft:windows_server_2019:10.0.0:::::::*
microsoft	windows_10_1909	10.0.0	cpe:2.3:o:microsoft:windows_10_1909:10.0.0:::::::*
microsoft	windows_server,_version_1909	10.0.0	cpe:2.3:o:microsoft:windows_server,_version_1909:10.0.0:::::::*
microsoft	windows_10_1709 for 32-bit systems	10.0.0	cpe:2.3:o:microsoft:windows_10_1709 for 32-bit systems:10.0.0:::::::*
microsoft	windows_10_1709	10.0.0	cpe:2.3:o:microsoft:windows_10_1709:10.0.0:::::::*
microsoft	windows_10_1903 for 32-bit systems	10.0.0	cpe:2.3:o:microsoft:windows_10_1903 for 32-bit systems:10.0.0:::::::*
microsoft	windows_10_1903 for x64-based systems	10.0.0	cpe:2.3:o:microsoft:windows_10_1903 for x64-based systems:10.0.0:::::::*