Lucene search

MicrosoftCVE-2020-1119

HistorySep 11, 2020 - 5:15 p.m.

CVE-2020-1119

2020-09-1117:15:18

microsoft

web.nvd.nist.gov

cve-2020-1119

windows

information disclosure

vulnerability

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

9.5%

JSON

An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
The update addresses the vulnerability by correcting the way in which StartTileData.dll handles objects in memory.

Affected configurations

Nvd

Vulners

Node

microsoftwindows_10Match1903

microsoftwindows_10Match1909

microsoftwindows_10Match2004

microsoftwindows_server_2016Match1903

microsoftwindows_server_2016Match1909

microsoftwindows_server_2016Match2004

VendorProductVersionCPE
microsoftwindows_101903cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
microsoftwindows_101909cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
microsoftwindows_102004cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
microsoftwindows_server_20161903cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
microsoftwindows_server_20161909cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
microsoftwindows_server_20162004cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_10	1903	cpe:2.3:o:microsoft:windows_10:1903:::::::*
microsoft	windows_10	1909	cpe:2.3:o:microsoft:windows_10:1909:::::::*
microsoft	windows_10	2004	cpe:2.3:o:microsoft:windows_10:2004:::::::*
microsoft	windows_server_2016	1903	cpe:2.3:o:microsoft:windows_server_2016:1903:::::::*
microsoft	windows_server_2016	1909	cpe:2.3:o:microsoft:windows_server_2016:1909:::::::*
microsoft	windows_server_2016	2004	cpe:2.3:o:microsoft:windows_server_2016:2004:::::::*

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 1909",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
      "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
      "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems",
      "ARM64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server, version 1909 (Server Core installation)",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 1903 for 32-bit Systems",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 1903 for x64-based Systems",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 1903 for ARM64-based Systems",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server, version 1903 (Server Core installation)",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 2004",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "32-bit Systems",
      "ARM64-based Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server version 2004",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]