A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.
{"osv": [{"lastseen": "2023-03-12T05:32:17", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:58:14", "type": "osv", "title": "Out-of-bounds Write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-03-12T05:32:16", "id": "OSV:GHSA-H2XM-2P6W-MJ2V", "href": "https://osv.dev/vulnerability/GHSA-h2xm-2p6w-mj2v", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T05:36:57", "description": "A remote code execution vulnerability exists in the 
way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:11", "type": "osv", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-03-12T05:36:53", "id": "OSV:GHSA-WVHV-RR3V-VHPJ", "href": "https://osv.dev/vulnerability/GHSA-wvhv-rr3v-vhpj", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T05:30:09", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption 
Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:39", "type": "osv", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-03-12T05:30:08", "id": "OSV:GHSA-JV2C-MHCQ-6WP4", "href": "https://osv.dev/vulnerability/GHSA-jv2c-mhcq-6wp4", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T05:28:07", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:27", "type": "osv", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-03-12T05:28:02", "id": "OSV:GHSA-2QGV-2CV4-G4CG", "href": "https://osv.dev/vulnerability/GHSA-2qgv-2cv4-g4cg", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T05:36:12", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:47", "type": "osv", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-03-12T05:36:08", "id": "OSV:GHSA-G644-6FG4-HRH9", "href": "https://osv.dev/vulnerability/GHSA-g644-6fg4-hrh9", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T05:23:30", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-02T17:26:23", "type": "osv", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-03-12T05:23:29", "id": "OSV:GHSA-PFRG-W49C-8432", "href": "https://osv.dev/vulnerability/GHSA-pfrg-w49c-8432", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T05:32:53", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:19", "type": "osv", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-03-12T05:32:50", "id": "OSV:GHSA-5P67-CP9C-HQW4", "href": "https://osv.dev/vulnerability/GHSA-5p67-cp9c-hqw4", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-16T23:31:05", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:56:52", "type": "osv", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-02-16T23:31:03", "id": "OSV:GHSA-7J34-XQ9V-9MQG", "href": "https://osv.dev/vulnerability/GHSA-7j34-xq9v-9mqg", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T05:37:04", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:58:03", "type": "osv", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-03-12T05:37:01", "id": "OSV:GHSA-6CC6-66F5-MXJJ", "href": "https://osv.dev/vulnerability/GHSA-6cc6-66f5-mxjj", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T05:34:37", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:58:22", "type": "osv", "title": "Out-of-bounds Write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-03-12T05:34:36", "id": "OSV:GHSA-C8QC-62QV-5P2X", "href": "https://osv.dev/vulnerability/GHSA-c8qc-62qv-5p2x", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T05:26:29", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:55", "type": "osv", "title": " Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-03-12T05:26:26", "id": "OSV:GHSA-86GW-G9JV-8VFG", "href": "https://osv.dev/vulnerability/GHSA-86gw-g9jv-8vfg", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T05:34:58", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:02", "type": "osv", "title": " Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-03-12T05:34:53", "id": "OSV:GHSA-J89M-GCJF-6GHP", "href": "https://osv.dev/vulnerability/GHSA-j89m-gcjf-6ghp", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "github": [{"lastseen": "2023-02-01T05:08:03", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:58:03", "type": "github", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-02-01T05:06:01", "id": "GHSA-6CC6-66F5-MXJJ", "href": "https://github.com/advisories/GHSA-6cc6-66f5-mxjj", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-01T05:08:03", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:39", "type": "github", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-02-01T05:06:11", "id": "GHSA-JV2C-MHCQ-6WP4", "href": "https://github.com/advisories/GHSA-jv2c-mhcq-6wp4", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-01T05:08:03", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:27", "type": "github", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-02-01T05:05:50", "id": "GHSA-2QGV-2CV4-G4CG", "href": "https://github.com/advisories/GHSA-2qgv-2cv4-g4cg", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-01T05:08:03", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:58:22", "type": "github", "title": "Out-of-bounds Write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-02-01T05:06:01", "id": "GHSA-C8QC-62QV-5P2X", "href": "https://github.com/advisories/GHSA-c8qc-62qv-5p2x", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-01T05:08:03", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:55", "type": "github", "title": " Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-02-01T05:06:01", "id": "GHSA-86GW-G9JV-8VFG", "href": "https://github.com/advisories/GHSA-86gw-g9jv-8vfg", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-01T05:08:03", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:19", "type": "github", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-02-01T05:06:02", "id": "GHSA-5P67-CP9C-HQW4", "href": "https://github.com/advisories/GHSA-5p67-cp9c-hqw4", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-01T05:08:03", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:56:52", "type": "github", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-02-01T05:05:54", "id": "GHSA-7J34-XQ9V-9MQG", "href": "https://github.com/advisories/GHSA-7j34-xq9v-9mqg", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-01T05:08:03", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:58:14", "type": "github", "title": "Out-of-bounds Write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-02-01T05:06:11", "id": "GHSA-H2XM-2P6W-MJ2V", "href": "https://github.com/advisories/GHSA-h2xm-2p6w-mj2v", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-01T05:08:03", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:47", "type": "github", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-02-01T05:05:54", "id": "GHSA-G644-6FG4-HRH9", "href": "https://github.com/advisories/GHSA-g644-6fg4-hrh9", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-01T05:08:03", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:02", "type": "github", "title": " Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-02-01T05:05:55", "id": "GHSA-J89M-GCJF-6GHP", "href": "https://github.com/advisories/GHSA-j89m-gcjf-6ghp", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-01T05:08:03", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-28T18:57:11", "type": "github", "title": "Out-of-bounds write in ChakraCore", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2023-02-01T05:05:54", "id": "GHSA-WVHV-RR3V-VHPJ", "href": "https://github.com/advisories/GHSA-wvhv-rr3v-vhpj", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-02-09T14:55:11", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-12T16:15:00", "type": "cve", "title": "CVE-2020-0768", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:edge:-", "cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2020-0768", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0768", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:55:19", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles 
objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-12T16:15:00", "type": "cve", "title": "CVE-2020-0823", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2020-0823", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0823", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:55:29", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 
'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-12T16:15:00", "type": "cve", "title": "CVE-2020-0825", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2020-0825", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0825", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:55:33", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory 
Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-12T16:15:00", "type": "cve", "title": "CVE-2020-0828", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2020-0828", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0828", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:55:20", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption 
Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-12T16:15:00", "type": "cve", "title": "CVE-2020-0830", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:edge:-", "cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2020-0830", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0830", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:55:19", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting 
engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-12T16:15:00", "type": "cve", "title": "CVE-2020-0829", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2020-0829", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0829", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:55:22", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in 
Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-12T16:15:00", "type": "cve", "title": "CVE-2020-0832", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9"], "id": "CVE-2020-0832", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0832", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:55:20", "description": "A 
remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-12T16:15:00", "type": "cve", "title": "CVE-2020-0831", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2020-0831", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0831", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:55:19", "description": "A remote code execution 
vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-12T16:15:00", "type": "cve", "title": "CVE-2020-0826", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2020-0826", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0826", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:55:19", "description": "A remote code execution vulnerability exists in 
the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-12T16:15:00", "type": "cve", "title": "CVE-2020-0827", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2020-0827", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0827", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:55:20", "description": "A remote code execution vulnerability exists in the way that the 
scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-12T16:15:00", "type": "cve", "title": "CVE-2020-0833", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2020-0833", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0833", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:55:24", "description": "A remote code execution vulnerability exists in the 
way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-12T16:15:00", "type": "cve", "title": "CVE-2020-0848", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2020-0848", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0848", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2022-07-27T10:08:09", "description": "chakracore is vulnerable to remote code execution (RCE). 
This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user. This CVE ID is different from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-13T06:39:10", "type": "veracode", "title": "Remote Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2020-07-01T05:44:52", "id": "VERACODE:22695", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-22695/summary", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-27T10:08:08", "description": "chakracore is vulnerable to remote code execution (RCE). 
This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user. This CVE ID is different from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-13T06:55:04", "type": "veracode", "title": "Remote Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2020-07-01T05:44:45", "id": "VERACODE:22698", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-22698/summary", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T00:19:31", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles 
objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-29T11:57:07", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2022-04-19T18:46:23", "id": "VERACODE:31430", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31430/summary", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T00:19:31", "description": "chakracore is vulnerable to remote code execution. 
The vulnerability exists due to the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-29T12:30:43", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2022-04-19T18:46:25", "id": "VERACODE:31432", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31432/summary", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T00:19:34", "description": "chakracore is vulnerable to remote code execution. 
This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user. This CVE ID is different from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-29T07:59:16", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0848"], "modified": "2022-04-19T18:47:22", "id": "VERACODE:31424", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31424/summary", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T00:19:34", "description": "chakracore is vulnerable to remote code execution. 
A memory corruption vulnerability due to the way objects in memory are handled allows an attacker to execute arbitrary code on the host OS.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-29T02:42:33", "type": "veracode", "title": "Remote Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0828"], "modified": "2022-04-19T18:46:24", "id": "VERACODE:31400", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31400/summary", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T00:19:34", "description": "chakracore is vulnerable to remote code execution. 
A memory corruption vulnerability due to the way objects in memory are handled allows an attacker to execute arbitrary code on the host OS.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-29T02:49:38", "type": "veracode", "title": "Remote Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0825"], "modified": "2022-04-19T18:47:20", "id": "VERACODE:31401", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31401/summary", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-27T10:08:08", "description": "microsoft.chakracore is vulnerable to remote code execution (RCE). 
The vulnerability is possible because the function `GlobOpt::ArraySrcOpt::Optimize` does not properly validate the `baseValueType` value.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-13T08:57:17", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0823"], "modified": "2020-07-01T05:03:51", "id": "VERACODE:22700", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-22700/summary", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T00:19:26", "description": "ChakraCore is vulnerable to remote code execution (RCE). 
This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-03T03:02:25", "type": "veracode", "title": "Denial Of Service(DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768"], "modified": "2022-04-19T18:46:23", "id": "VERACODE:31461", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31461/summary", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-27T10:08:09", "description": "Microsoft Chakracore is vulnerable to remote code execution (RCE). 
The vulnerability exists because it does not properly handle the memory upon an instruction entry to the try region and upon a Leave in the function `ProcessEHRegionBoundary` of `LinearScan.cpp`.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-13T03:33:20", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0829"], "modified": "2020-07-01T05:43:12", "id": "VERACODE:22688", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-22688/summary", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-02-08T15:55:10", "description": "### *Detect date*:\n03/10/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. 
[More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nInternet Explorer 11 \nInternet Explorer 9 \nMicrosoft Edge (EdgeHTML-based) \nChakraCore\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-0829](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0829>) \n[CVE-2020-0811](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0811>) \n[CVE-2020-0812](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0812>) \n[CVE-2020-0813](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0813>) \n[CVE-2020-0816](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0816>) \n[CVE-2020-0828](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0828>) \n[CVE-2020-0832](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0832>) \n[CVE-2020-0833](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0833>) \n[CVE-2020-0830](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0830>) \n[CVE-2020-0831](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0831>) \n[CVE-2020-0825](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0825>) \n[CVE-2020-0824](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0824>) \n[CVE-2020-0768](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0768>) \n[CVE-2020-0826](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0826>) \n[CVE-2020-0847](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0847>) 
\n[CVE-2020-0827](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0827>) \n[CVE-2020-0848](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0848>) \n[CVE-2020-0823](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0823>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2020-0829](<https://vulners.com/cve/CVE-2020-0829>)7.6Critical \n[CVE-2020-0811](<https://vulners.com/cve/CVE-2020-0811>)7.6Critical \n[CVE-2020-0812](<https://vulners.com/cve/CVE-2020-0812>)7.6Critical \n[CVE-2020-0813](<https://vulners.com/cve/CVE-2020-0813>)5.0Critical \n[CVE-2020-0816](<https://vulners.com/cve/CVE-2020-0816>)9.3Critical \n[CVE-2020-0828](<https://vulners.com/cve/CVE-2020-0828>)7.6Critical \n[CVE-2020-0832](<https://vulners.com/cve/CVE-2020-0832>)7.6Critical \n[CVE-2020-0833](<https://vulners.com/cve/CVE-2020-0833>)7.6Critical \n[CVE-2020-0830](<https://vulners.com/cve/CVE-2020-0830>)7.6Critical \n[CVE-2020-0831](<https://vulners.com/cve/CVE-2020-0831>)7.6Critical \n[CVE-2020-0825](<https://vulners.com/cve/CVE-2020-0825>)7.6Critical \n[CVE-2020-0824](<https://vulners.com/cve/CVE-2020-0824>)7.6Critical \n[CVE-2020-0768](<https://vulners.com/cve/CVE-2020-0768>)7.6Critical \n[CVE-2020-0826](<https://vulners.com/cve/CVE-2020-0826>)7.6Critical \n[CVE-2020-0847](<https://vulners.com/cve/CVE-2020-0847>)7.6Critical \n[CVE-2020-0827](<https://vulners.com/cve/CVE-2020-0827>)7.6Critical \n[CVE-2020-0848](<https://vulners.com/cve/CVE-2020-0848>)7.6Critical \n[CVE-2020-0823](<https://vulners.com/cve/CVE-2020-0823>)7.6Critical\n\n### *KB list*:\n[4538461](<http://support.microsoft.com/kb/4538461>) \n[4541510](<http://support.microsoft.com/kb/4541510>) \n[4540689](<http://support.microsoft.com/kb/4540689>) \n[4541509](<http://support.microsoft.com/kb/4541509>) 
\n[4540681](<http://support.microsoft.com/kb/4540681>) \n[4540693](<http://support.microsoft.com/kb/4540693>) \n[4540673](<http://support.microsoft.com/kb/4540673>) \n[4540670](<http://support.microsoft.com/kb/4540670>) \n[4540671](<http://support.microsoft.com/kb/4540671>) \n[4540688](<http://support.microsoft.com/kb/4540688>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "kaspersky", "title": "KLA11681 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0811", "CVE-2020-0812", "CVE-2020-0813", "CVE-2020-0816", "CVE-2020-0823", "CVE-2020-0824", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0847", "CVE-2020-0848"], "modified": "2021-02-16T00:00:00", "id": "KLA11681", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11681/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-08T15:54:58", 
"description": "### *Detect date*:\n03/10/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Extended Security Updates. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows RT 8.1 \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nInternet Explorer 11 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1903 for x64-based Systems \nWindows Server 2012 \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2012 
(Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 Version 1709 for x64-based Systems \nInternet Explorer 9 \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2016 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2012 R2 \nWindows Server 2019 \nWindows 10 Version 1803 for ARM64-based Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-0814](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0814>) \n[CVE-2020-0832](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0832>) \n[CVE-2020-0853](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0853>) \n[CVE-2020-0877](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0877>) \n[CVE-2020-0874](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0874>) \n[CVE-2020-0871](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0871>) \n[CVE-2020-0769](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0769>) \n[CVE-2020-0849](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0849>) \n[CVE-2020-0879](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0879>) \n[CVE-2020-0788](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0788>) \n[CVE-2020-0781](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0781>) 
\n[CVE-2020-0783](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0783>) \n[CVE-2020-0785](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0785>) \n[CVE-2020-0787](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0787>) \n[CVE-2020-0684](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0684>) \n[CVE-2020-0806](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0806>) \n[CVE-2020-0804](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0804>) \n[CVE-2020-0803](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0803>) \n[CVE-2020-0802](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0802>) \n[CVE-2020-0822](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0822>) \n[CVE-2020-0843](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0843>) \n[CVE-2020-0842](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0842>) \n[CVE-2020-0847](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0847>) \n[CVE-2020-0860](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0860>) \n[CVE-2020-0845](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0845>) \n[CVE-2020-0844](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0844>) \n[CVE-2020-0887](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0887>) \n[CVE-2020-0885](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0885>) \n[CVE-2020-0883](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0883>) \n[CVE-2020-0882](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0882>) 
\n[CVE-2020-0881](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0881>) \n[CVE-2020-0880](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0880>) \n[CVE-2020-0774](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0774>) \n[CVE-2020-0645](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0645>) \n[CVE-2020-0771](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0771>) \n[CVE-2020-0770](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0770>) \n[CVE-2020-0773](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0773>) \n[CVE-2020-0772](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0772>) \n[CVE-2020-0779](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0779>) \n[CVE-2020-0778](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0778>) \n[CVE-2020-0791](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0791>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2020-0832](<https://vulners.com/cve/CVE-2020-0832>)7.6Critical \n[CVE-2020-0847](<https://vulners.com/cve/CVE-2020-0847>)7.6Critical \n[CVE-2020-0779](<https://vulners.com/cve/CVE-2020-0779>)2.1Warning \n[CVE-2020-0814](<https://vulners.com/cve/CVE-2020-0814>)7.2High \n[CVE-2020-0788](<https://vulners.com/cve/CVE-2020-0788>)7.2High \n[CVE-2020-0853](<https://vulners.com/cve/CVE-2020-0853>)4.3Warning \n[CVE-2020-0877](<https://vulners.com/cve/CVE-2020-0877>)7.2High \n[CVE-2020-0874](<https://vulners.com/cve/CVE-2020-0874>)2.1Warning \n[CVE-2020-0871](<https://vulners.com/cve/CVE-2020-0871>)2.1Warning \n[CVE-2020-0787](<https://vulners.com/cve/CVE-2020-0787>)7.2High 
\n[CVE-2020-0849](<https://vulners.com/cve/CVE-2020-0849>)7.2High \n[CVE-2020-0879](<https://vulners.com/cve/CVE-2020-0879>)2.1Warning \n[CVE-2020-0645](<https://vulners.com/cve/CVE-2020-0645>)5.0Critical \n[CVE-2020-0781](<https://vulners.com/cve/CVE-2020-0781>)7.2High \n[CVE-2020-0783](<https://vulners.com/cve/CVE-2020-0783>)7.2High \n[CVE-2020-0882](<https://vulners.com/cve/CVE-2020-0882>)4.3Warning \n[CVE-2020-0785](<https://vulners.com/cve/CVE-2020-0785>)3.6Warning \n[CVE-2020-0769](<https://vulners.com/cve/CVE-2020-0769>)4.6Warning \n[CVE-2020-0684](<https://vulners.com/cve/CVE-2020-0684>)6.8High \n[CVE-2020-0774](<https://vulners.com/cve/CVE-2020-0774>)4.3Warning \n[CVE-2020-0845](<https://vulners.com/cve/CVE-2020-0845>)4.6Warning \n[CVE-2020-0806](<https://vulners.com/cve/CVE-2020-0806>)4.6Warning \n[CVE-2020-0804](<https://vulners.com/cve/CVE-2020-0804>)7.2High \n[CVE-2020-0803](<https://vulners.com/cve/CVE-2020-0803>)7.2High \n[CVE-2020-0802](<https://vulners.com/cve/CVE-2020-0802>)7.2High \n[CVE-2020-0822](<https://vulners.com/cve/CVE-2020-0822>)4.6Warning \n[CVE-2020-0842](<https://vulners.com/cve/CVE-2020-0842>)4.6Warning \n[CVE-2020-0843](<https://vulners.com/cve/CVE-2020-0843>)4.6Warning \n[CVE-2020-0860](<https://vulners.com/cve/CVE-2020-0860>)7.2High \n[CVE-2020-0844](<https://vulners.com/cve/CVE-2020-0844>)4.6Warning \n[CVE-2020-0887](<https://vulners.com/cve/CVE-2020-0887>)7.2High \n[CVE-2020-0885](<https://vulners.com/cve/CVE-2020-0885>)4.3Warning \n[CVE-2020-0883](<https://vulners.com/cve/CVE-2020-0883>)9.3Critical \n[CVE-2020-0881](<https://vulners.com/cve/CVE-2020-0881>)9.3Critical \n[CVE-2020-0880](<https://vulners.com/cve/CVE-2020-0880>)4.3Warning \n[CVE-2020-0771](<https://vulners.com/cve/CVE-2020-0771>)4.6Warning \n[CVE-2020-0773](<https://vulners.com/cve/CVE-2020-0773>)4.6Warning \n[CVE-2020-0772](<https://vulners.com/cve/CVE-2020-0772>)4.6Warning \n[CVE-2020-0778](<https://vulners.com/cve/CVE-2020-0778>)4.6Warning 
\n[CVE-2020-0791](<https://vulners.com/cve/CVE-2020-0791>)7.2High \n[CVE-2020-0770](<https://vulners.com/cve/CVE-2020-0770>)4.6Warning\n\n### *KB list*:\n[4541506](<http://support.microsoft.com/kb/4541506>) \n[4540671](<http://support.microsoft.com/kb/4540671>) \n[4540688](<http://support.microsoft.com/kb/4540688>) \n[4541504](<http://support.microsoft.com/kb/4541504>) \n[4541500](<http://support.microsoft.com/kb/4541500>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "kaspersky", "title": "KLA11692 Multiple vulnerabilities in Microsoft products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0645", "CVE-2020-0684", "CVE-2020-0769", "CVE-2020-0770", "CVE-2020-0771", "CVE-2020-0772", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0778", "CVE-2020-0779", "CVE-2020-0781", "CVE-2020-0783", "CVE-2020-0785", "CVE-2020-0787", "CVE-2020-0788", "CVE-2020-0791", "CVE-2020-0802", "CVE-2020-0803", "CVE-2020-0804", "CVE-2020-0806", "CVE-2020-0814", "CVE-2020-0822", "CVE-2020-0832", "CVE-2020-0842", "CVE-2020-0843", 
"CVE-2020-0844", "CVE-2020-0845", "CVE-2020-0847", "CVE-2020-0849", "CVE-2020-0853", "CVE-2020-0860", "CVE-2020-0871", "CVE-2020-0874", "CVE-2020-0877", "CVE-2020-0879", "CVE-2020-0880", "CVE-2020-0881", "CVE-2020-0882", "CVE-2020-0883", "CVE-2020-0885", "CVE-2020-0887"], "modified": "2022-03-30T00:00:00", "id": "KLA11692", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11692/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-02-22T14:19:34", "description": "The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0824)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0847)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (March 2020)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768", "CVE-2020-0824", "CVE-2020-0830", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0847"], "modified": "2020-04-17T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_MAR_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/134377", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134377);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/17\");\n\n script_cve_id(\n \"CVE-2020-0768\",\n \"CVE-2020-0824\",\n \"CVE-2020-0830\",\n \"CVE-2020-0832\",\n \"CVE-2020-0833\",\n \"CVE-2020-0847\"\n );\n script_xref(name:\"MSKB\", value:\"4541509\");\n script_xref(name:\"MSKB\", value:\"4541510\");\n script_xref(name:\"MSKB\", value:\"4540671\");\n script_xref(name:\"MSFT\", value:\"MS20-4541509\");\n script_xref(name:\"MSFT\", value:\"MS20-4541510\");\n script_xref(name:\"MSFT\", value:\"MS20-4540671\");\n\n script_name(english:\"Security Updates for Internet Explorer (March 2020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0824)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. 
(CVE-2020-0847)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\");\n # https://support.microsoft.com/en-us/help/4540671/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a14d7a85\");\n # https://support.microsoft.com/en-us/help/4541510/windows-server-2012-update-kb4541510\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?438d05ee\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4541509/windows-8-1-kb4541509\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n -KB4540671\n -KB4541509 \n -KB4541510\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-03';\nkbs = make_list(\n '4540671',\n '4541509',\n '4541510'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif 
(\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19649\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4540671\") ||\n # Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.22975\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4540671\") ||\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19649\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4540671\")\n )\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4540671 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4541509 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-03', kb:'4541509', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4541510 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-03', kb:'4541510', report);\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T14:12:30", "description": "The remote Windows host is missing security update 4538461.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. 
The update addresses the vulnerability by correcting the way the Windows Device Setup Manager handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2020-0814, CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-0854)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0791)\n\n - An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. (CVE-2020-0808)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0788, CVE-2020-0877, CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. 
A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-0798)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0844)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. (CVE-2020-0810)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. 
An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0841, CVE-2020-0849, CVE-2020-0896)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0881, CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An attacker who had already gained execution on the victim system could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how Media Foundation handles objects in memory. (CVE-2020-0820)\n\n - An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Update Orchestrator Service handles file operations. (CVE-2020-0867, CVE-2020-0868)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. 
(CVE-2020-0763)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-0785)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0879)\n\n - An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. (CVE-2020-0861)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0690)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations. (CVE-2020-0776)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly handles file operations. (CVE-2020-0793)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-0775)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-0801, CVE-2020-0807, CVE-2020-0809, CVE-2020-0869)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0811, CVE-2020-0812)\n\n - An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user\u2019s computer or data. (CVE-2020-0813)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0816)\n\n - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-08323, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829,CVE-2020-0831, CVE-2020-0848)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "nessus", "title": "KB4538461: Windows 10 Version 1809 and Windows Server 2019 March 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0645", "CVE-2020-0684", "CVE-2020-0690", "CVE-2020-0763", "CVE-2020-0768", "CVE-2020-0769", "CVE-2020-0770", "CVE-2020-0771", "CVE-2020-0772", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0775", "CVE-2020-0776", "CVE-2020-0777", "CVE-2020-0778", "CVE-2020-0779", "CVE-2020-0780", "CVE-2020-0781", "CVE-2020-0783", "CVE-2020-0785", "CVE-2020-0787", "CVE-2020-0788", "CVE-2020-0791", "CVE-2020-0793", "CVE-2020-0797", "CVE-2020-0798", "CVE-2020-0799", "CVE-2020-0800", "CVE-2020-0801", "CVE-2020-0802", "CVE-2020-0803", "CVE-2020-0804", "CVE-2020-0806", "CVE-2020-0807", "CVE-2020-0808", "CVE-2020-0809", "CVE-2020-0810", "CVE-2020-0811", "CVE-2020-0812", "CVE-2020-0813", "CVE-2020-0814", "CVE-2020-0816", "CVE-2020-0819", "CVE-2020-0820", "CVE-2020-0822", "CVE-2020-0823", "CVE-2020-0824", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-08323", "CVE-2020-0833", "CVE-2020-0834", "CVE-2020-0840", "CVE-2020-0841", "CVE-2020-0842", "CVE-2020-0843", "CVE-2020-0844", "CVE-2020-0845", "CVE-2020-0847", "CVE-2020-0848", "CVE-2020-0849", "CVE-2020-0853", "CVE-2020-0854", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0859", "CVE-2020-0860", "CVE-2020-0861", "CVE-2020-0864", "CVE-2020-0865", "CVE-2020-0866", "CVE-2020-0867", "CVE-2020-0868", "CVE-2020-0869", "CVE-2020-0871", "CVE-2020-0877", "CVE-2020-0879", "CVE-2020-0880", "CVE-2020-0881", "CVE-2020-0882", "CVE-2020-0883", "CVE-2020-0885", "CVE-2020-0887", "CVE-2020-0896", "CVE-2020-0897"], "modified": "2023-02-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_MAR_4538461.NASL", "href": "https://www.tenable.com/plugins/nessus/134368", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134368);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/20\");\n\n script_cve_id(\n \"CVE-2020-0645\",\n \"CVE-2020-0684\",\n \"CVE-2020-0690\",\n \"CVE-2020-0763\",\n \"CVE-2020-0768\",\n \"CVE-2020-0769\",\n \"CVE-2020-0770\",\n \"CVE-2020-0771\",\n \"CVE-2020-0772\",\n \"CVE-2020-0773\",\n \"CVE-2020-0774\",\n \"CVE-2020-0775\",\n \"CVE-2020-0776\",\n \"CVE-2020-0777\",\n \"CVE-2020-0778\",\n \"CVE-2020-0779\",\n \"CVE-2020-0780\",\n \"CVE-2020-0781\",\n \"CVE-2020-0783\",\n \"CVE-2020-0785\",\n \"CVE-2020-0787\",\n \"CVE-2020-0788\",\n \"CVE-2020-0791\",\n \"CVE-2020-0793\",\n \"CVE-2020-0797\",\n \"CVE-2020-0798\",\n \"CVE-2020-0799\",\n \"CVE-2020-0800\",\n \"CVE-2020-0801\",\n \"CVE-2020-0802\",\n \"CVE-2020-0803\",\n \"CVE-2020-0804\",\n \"CVE-2020-0806\",\n \"CVE-2020-0807\",\n \"CVE-2020-0808\",\n \"CVE-2020-0809\",\n \"CVE-2020-0810\",\n \"CVE-2020-0811\",\n \"CVE-2020-0812\",\n \"CVE-2020-0813\",\n \"CVE-2020-0814\",\n \"CVE-2020-0816\",\n \"CVE-2020-0819\",\n \"CVE-2020-0820\",\n \"CVE-2020-0822\",\n \"CVE-2020-0823\",\n \"CVE-2020-0824\",\n \"CVE-2020-0825\",\n \"CVE-2020-0826\",\n \"CVE-2020-0827\",\n \"CVE-2020-0828\",\n \"CVE-2020-0829\",\n \"CVE-2020-0830\",\n \"CVE-2020-0831\",\n \"CVE-2020-0832\",\n \"CVE-2020-0833\",\n \"CVE-2020-0834\",\n \"CVE-2020-0840\",\n \"CVE-2020-0841\",\n \"CVE-2020-0842\",\n \"CVE-2020-0843\",\n \"CVE-2020-0844\",\n \"CVE-2020-0845\",\n \"CVE-2020-0847\",\n \"CVE-2020-0848\",\n \"CVE-2020-0849\",\n \"CVE-2020-0853\",\n \"CVE-2020-0854\",\n \"CVE-2020-0857\",\n \"CVE-2020-0858\",\n \"CVE-2020-0859\",\n \"CVE-2020-0860\",\n \"CVE-2020-0861\",\n \"CVE-2020-0864\",\n \"CVE-2020-0865\",\n \"CVE-2020-0866\",\n \"CVE-2020-0867\",\n \"CVE-2020-0868\",\n \"CVE-2020-0869\",\n \"CVE-2020-0871\",\n \"CVE-2020-0877\",\n \"CVE-2020-0879\",\n 
\"CVE-2020-0880\",\n \"CVE-2020-0881\",\n \"CVE-2020-0882\",\n \"CVE-2020-0883\",\n \"CVE-2020-0885\",\n \"CVE-2020-0887\",\n \"CVE-2020-0896\",\n \"CVE-2020-0897\"\n );\n script_xref(name:\"MSKB\", value:\"4538461\");\n script_xref(name:\"MSFT\", value:\"MS20-4538461\");\n script_xref(name:\"IAVA\", value:\"2020-A-0139-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0214-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"KB4538461: Windows 10 Version 1809 and Windows Server 2019 March 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4538461.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows Device Setup Manager improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Device Setup Manager\n handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. 
(CVE-2020-0777, CVE-2020-0797,\n CVE-2020-0800, CVE-2020-0864, CVE-2020-0865,\n CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2020-0814,\n CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-0854)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0791)\n\n - An information disclosure vulnerability exists when\n Windows Network Connections Service fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could potentially disclose\n memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. 
(CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS\n Server improperly handles malformed request headers. An\n attacker who successfully exploited the vulnerability\n could cause a vulnerable server to improperly process\n HTTP headers and tamper with the responses returned to\n clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in the\n way the Provisioning Runtime validates certain file\n operations. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a victim\n system. (CVE-2020-0808)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0788, CVE-2020-0877,\n CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0778, CVE-2020-0802,\n CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. 
(CVE-2020-0798)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when the Windows kernel fails to\n properly handle parsing of certain symbolic links. An\n attacker who successfully exploited this vulnerability\n could potentially access privileged registry keys and\n thereby elevate permissions. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-0844)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector or the Visual Studio\n Standard Collector allows file creation in arbitrary\n locations. (CVE-2020-0810)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. 
An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0841, CVE-2020-0849,\n CVE-2020-0896)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2020-0881,\n CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An attacker who had already\n gained execution on the victim system could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Media Foundation handles objects in\n memory. (CVE-2020-0820)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Orchestrator Service improperly handles\n file operations. An attacker who successfully exploited\n this vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Update Orchestrator\n Service handles file operations. (CVE-2020-0867,\n CVE-2020-0868)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. 
(CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when\n Windows Defender Security Center handles certain objects\n in memory. (CVE-2020-0763)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0785)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0879)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0861)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. 
An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0690)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles file\n operations. (CVE-2020-0776)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the\n Windows Background Intelligent Transfer Service (BITS)\n improperly handles symbolic links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. 
The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector Service improperly\n handles file operations. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges. An attacker with unprivileged access to a\n vulnerable system could exploit this vulnerability. The\n security update addresses the vulnerability by ensuring\n the Diagnostics Hub Standard Collector Service properly\n handles file operations. (CVE-2020-0793)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-0775)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0801,\n CVE-2020-0807, CVE-2020-0809, CVE-2020-0869)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. 
An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the\n Windows Language Pack Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Language Pack Installer\n handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. 
(CVE-2020-0811, CVE-2020-0812)\n\n - An information disclosure vulnerability exists when \n Chakra improperly discloses the contents of its memory, \n which could provide an attacker with information to \n further compromise the user\u2019s computer or data. \n (CVE-2020-0813)\n\n - A remote code execution vulnerability exists when \n Microsoft Edge improperly accesses objects in memory. \n The vulnerability could corrupt memory in such a way \n that enables an attacker to execute arbitrary code in \n the context of the current user. An attacker who \n successfully exploited the vulnerability could gain \n the same user rights as the current user. If the current \n user is logged on with administrative user rights, an \n attacker could take control of an affected system. An \n attacker could then install programs; view, change, or \n delete data; or create new accounts with full user rights.\n (CVE-2020-0816)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. 
(CVE-2020-08323,\n CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, \n CVE-2020-0829,CVE-2020-0831, CVE-2020-0848)\");\n # https://support.microsoft.com/en-us/help/4538461/windows-10-update-kb4538461\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87f654b6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4538461.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0690\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-03\";\nkbs = make_list('4538461');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"03_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4538461])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T14:12:52", "description": "The remote Windows host is missing security update 4540681.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Device Setup Manager handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2020-0814, CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2020-0791)\n\n - An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. (CVE-2020-0808)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0788, CVE-2020-0877, CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-0798)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0844)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. (CVE-2020-0810)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. 
(CVE-2020-0801, CVE-2020-0809, CVE-2020-0869)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0841, CVE-2020-0849, CVE-2020-0896)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-0785)\n\n - An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. (CVE-2020-0762)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0881, CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An attacker who had already gained execution on the victim system could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how Media Foundation handles objects in memory. (CVE-2020-0820)\n\n - An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Update Orchestrator Service handles file operations. (CVE-2020-0867, CVE-2020-0868)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. (CVE-2020-0861)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0690)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations. (CVE-2020-0776)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly handles file operations. (CVE-2020-0793)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-0775)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. 
(CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0811)\n\n - An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user\u2019s computer or data. (CVE-2020-0813)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0816)\n\n - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-08323, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0848)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "nessus", "title": "KB4540681: Windows 10 Version 1709 March 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0645", "CVE-2020-0684", "CVE-2020-0690", "CVE-2020-0762", "CVE-2020-0768", "CVE-2020-0769", "CVE-2020-0770", "CVE-2020-0771", "CVE-2020-0772", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0775", "CVE-2020-0776", "CVE-2020-0777", "CVE-2020-0778", "CVE-2020-0779", "CVE-2020-0780", "CVE-2020-0781", "CVE-2020-0783", "CVE-2020-0785", "CVE-2020-0787", "CVE-2020-0788", "CVE-2020-0791", 
"CVE-2020-0793", "CVE-2020-0797", "CVE-2020-0798", "CVE-2020-0799", "CVE-2020-0800", "CVE-2020-0801", "CVE-2020-0802", "CVE-2020-0803", "CVE-2020-0804", "CVE-2020-0806", "CVE-2020-0808", "CVE-2020-0809", "CVE-2020-0810", "CVE-2020-0811", "CVE-2020-0813", "CVE-2020-0814", "CVE-2020-0816", "CVE-2020-0819", "CVE-2020-0820", "CVE-2020-0822", "CVE-2020-0823", "CVE-2020-0824", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-08323", "CVE-2020-0833", "CVE-2020-0834", "CVE-2020-0840", "CVE-2020-0841", "CVE-2020-0842", "CVE-2020-0843", "CVE-2020-0844", "CVE-2020-0845", "CVE-2020-0847", "CVE-2020-0848", "CVE-2020-0849", "CVE-2020-0853", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0859", "CVE-2020-0860", "CVE-2020-0861", "CVE-2020-0864", "CVE-2020-0865", "CVE-2020-0866", "CVE-2020-0867", "CVE-2020-0868", "CVE-2020-0869", "CVE-2020-0871", "CVE-2020-0877", "CVE-2020-0880", "CVE-2020-0881", "CVE-2020-0882", "CVE-2020-0883", "CVE-2020-0885", "CVE-2020-0887", "CVE-2020-0896", "CVE-2020-0897"], "modified": "2023-02-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_MAR_4540681.NASL", "href": "https://www.tenable.com/plugins/nessus/134371", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134371);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/20\");\n\n script_cve_id(\n \"CVE-2020-0645\",\n \"CVE-2020-0684\",\n \"CVE-2020-0690\",\n \"CVE-2020-0762\",\n \"CVE-2020-0768\",\n \"CVE-2020-0769\",\n \"CVE-2020-0770\",\n \"CVE-2020-0771\",\n \"CVE-2020-0772\",\n \"CVE-2020-0773\",\n \"CVE-2020-0774\",\n \"CVE-2020-0775\",\n \"CVE-2020-0776\",\n \"CVE-2020-0777\",\n \"CVE-2020-0778\",\n \"CVE-2020-0779\",\n \"CVE-2020-0780\",\n \"CVE-2020-0781\",\n \"CVE-2020-0783\",\n \"CVE-2020-0785\",\n \"CVE-2020-0787\",\n \"CVE-2020-0788\",\n \"CVE-2020-0791\",\n \"CVE-2020-0793\",\n \"CVE-2020-0797\",\n \"CVE-2020-0798\",\n \"CVE-2020-0799\",\n \"CVE-2020-0800\",\n \"CVE-2020-0801\",\n \"CVE-2020-0802\",\n \"CVE-2020-0803\",\n \"CVE-2020-0804\",\n \"CVE-2020-0806\",\n \"CVE-2020-0808\",\n \"CVE-2020-0809\",\n \"CVE-2020-0810\",\n \"CVE-2020-0811\",\n \"CVE-2020-0813\",\n \"CVE-2020-0814\",\n \"CVE-2020-0816\",\n \"CVE-2020-0819\",\n \"CVE-2020-0820\",\n \"CVE-2020-0822\",\n \"CVE-2020-0823\",\n \"CVE-2020-0824\",\n \"CVE-2020-0826\",\n \"CVE-2020-0827\",\n \"CVE-2020-0828\",\n \"CVE-2020-0829\",\n \"CVE-2020-0830\",\n \"CVE-2020-0831\",\n \"CVE-2020-0832\",\n \"CVE-2020-0833\",\n \"CVE-2020-0834\",\n \"CVE-2020-0840\",\n \"CVE-2020-0841\",\n \"CVE-2020-0842\",\n \"CVE-2020-0843\",\n \"CVE-2020-0844\",\n \"CVE-2020-0845\",\n \"CVE-2020-0847\",\n \"CVE-2020-0848\",\n \"CVE-2020-0849\",\n \"CVE-2020-0853\",\n \"CVE-2020-0857\",\n \"CVE-2020-0858\",\n \"CVE-2020-0859\",\n \"CVE-2020-0860\",\n \"CVE-2020-0861\",\n \"CVE-2020-0864\",\n \"CVE-2020-0865\",\n \"CVE-2020-0866\",\n \"CVE-2020-0867\",\n \"CVE-2020-0868\",\n \"CVE-2020-0869\",\n \"CVE-2020-0871\",\n \"CVE-2020-0877\",\n \"CVE-2020-0880\",\n \"CVE-2020-0881\",\n \"CVE-2020-0882\",\n \"CVE-2020-0883\",\n \"CVE-2020-0885\",\n 
\"CVE-2020-0887\",\n \"CVE-2020-0896\",\n \"CVE-2020-0897\"\n );\n script_xref(name:\"MSKB\", value:\"4540681\");\n script_xref(name:\"MSFT\", value:\"MS20-4540681\");\n script_xref(name:\"IAVA\", value:\"2020-A-0214-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"KB4540681: Windows 10 Version 1709 March 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4540681.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows Device Setup Manager improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Device Setup Manager\n handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. 
(CVE-2020-0777, CVE-2020-0797,\n CVE-2020-0800, CVE-2020-0864, CVE-2020-0865,\n CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2020-0814,\n CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0791)\n\n - An information disclosure vulnerability exists when\n Windows Network Connections Service fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could potentially disclose\n memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS\n Server improperly handles malformed request headers. An\n attacker who successfully exploited the vulnerability\n could cause a vulnerable server to improperly process\n HTTP headers and tamper with the responses returned to\n clients. 
(CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in the\n way the Provisioning Runtime validates certain file\n operations. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a victim\n system. (CVE-2020-0808)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0788, CVE-2020-0877,\n CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0778, CVE-2020-0802,\n CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-0798)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when the Windows kernel fails to\n properly handle parsing of certain symbolic links. An\n attacker who successfully exploited this vulnerability\n could potentially access privileged registry keys and\n thereby elevate permissions. 
An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-0844)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector or the Visual Studio\n Standard Collector allows file creation in arbitrary\n locations. (CVE-2020-0810)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0801,\n CVE-2020-0809, CVE-2020-0869)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. 
An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0841, CVE-2020-0849,\n CVE-2020-0896)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0785)\n\n - An elevation of privilege vulnerability exists when\n Windows Defender Security Center handles certain objects\n in memory. (CVE-2020-0762)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. 
(CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0881,\n CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the user's system. An attacker who had already\n gained execution on the victim system could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Media Foundation handles objects in\n memory. (CVE-2020-0820)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Orchestrator Service improperly handles\n file operations. An attacker who successfully exploited\n this vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. 
The update addresses the vulnerability by\n correcting the way the Windows Update Orchestrator\n Service handles file operations. (CVE-2020-0867,\n CVE-2020-0868)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0861)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0690)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles file\n operations. 
(CVE-2020-0776)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the\n Windows Background Intelligent Transfer Service (BITS)\n improperly handles symbolic links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector Service improperly\n handles file operations. 
An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges. An attacker with unprivileged access to a\n vulnerable system could exploit this vulnerability. The\n security update addresses the vulnerability by ensuring\n the Diagnostics Hub Standard Collector Service properly\n handles file operations. (CVE-2020-0793)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-0775)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the\n Windows Language Pack Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Language Pack Installer\n handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). 
The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2020-0811)\n\n - An information disclosure vulnerability exists when \n Chakra improperly discloses the contents of its memory, \n which could provide an attacker with information to \n further compromise the user's computer or data. \n (CVE-2020-0813)\n\n - A remote code execution vulnerability exists when \n Microsoft Edge improperly accesses objects in memory. \n The vulnerability could corrupt memory in such a way \n that enables an attacker to execute arbitrary code in \n the context of the current user. An attacker who \n successfully exploited the vulnerability could gain \n the same user rights as the current user. If the current \n user is logged on with administrative user rights, an \n attacker could take control of an affected system. An \n attacker could then install programs; view, change, or \n delete data; or create new accounts with full user rights.\n (CVE-2020-0816)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. 
If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-08323,\n CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829,\n CVE-2020-0831, CVE-2020-0848)\");\n # https://support.microsoft.com/en-us/help/4540681/windows-10-update-kb4540681\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2dc3112c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4540681.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0690\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-03\";\nkbs = make_list('4540681');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build == \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"03_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4540681])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n 
hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T14:12:41", "description": "The remote Windows host is missing security update 4540670.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Device Setup Manager handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. 
(CVE-2020-0814, CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0788, CVE-2020-0877, CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-0798)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0844)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. 
(CVE-2020-0810)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-0801, CVE-2020-0809, CVE-2020-0869)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0841, CVE-2020-0849, CVE-2020-0896)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-0785)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. 
(CVE-2020-0874, CVE-2020-0879)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0881, CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An attacker who had already gained execution on the victim system could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how Media Foundation handles objects in memory. (CVE-2020-0820)\n\n - An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0791, CVE-2020-0898)\n\n - An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. (CVE-2020-0861)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0690)\n\n - A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2020-0786)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations. (CVE-2020-0776)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly handles file operations. (CVE-2020-0793)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. 
(CVE-2020-0775)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Update Orchestrator Service handles file operations. (CVE-2020-0867, CVE-2020-0868)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0816)\n\n - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-08323, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0848)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "nessus", "title": "KB4540670: Windows 10 Version 1607 and Windows Server 2016 March 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2020-0645", "CVE-2020-0684", "CVE-2020-0690", "CVE-2020-0768", "CVE-2020-0769", "CVE-2020-0770", "CVE-2020-0771", "CVE-2020-0772", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0775", "CVE-2020-0776", "CVE-2020-0777", "CVE-2020-0778", "CVE-2020-0779", "CVE-2020-0780", "CVE-2020-0781", "CVE-2020-0783", "CVE-2020-0785", "CVE-2020-0786", "CVE-2020-0787", "CVE-2020-0788", "CVE-2020-0791", "CVE-2020-0793", "CVE-2020-0797", "CVE-2020-0798", "CVE-2020-0799", "CVE-2020-0800", "CVE-2020-0801", "CVE-2020-0802", "CVE-2020-0803", "CVE-2020-0804", "CVE-2020-0806", "CVE-2020-0809", "CVE-2020-0810", "CVE-2020-0814", "CVE-2020-0816", "CVE-2020-0819", "CVE-2020-0820", "CVE-2020-0822", "CVE-2020-0823", "CVE-2020-0824", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-08323", "CVE-2020-0833", "CVE-2020-0834", "CVE-2020-0840", "CVE-2020-0841", "CVE-2020-0842", "CVE-2020-0843", "CVE-2020-0844", "CVE-2020-0845", "CVE-2020-0847", "CVE-2020-0848", "CVE-2020-0849", "CVE-2020-0853", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0859", "CVE-2020-0860", "CVE-2020-0861", "CVE-2020-0864", "CVE-2020-0865", "CVE-2020-0866", "CVE-2020-0867", "CVE-2020-0868", "CVE-2020-0869", "CVE-2020-0871", "CVE-2020-0874", "CVE-2020-0877", "CVE-2020-0879", "CVE-2020-0880", "CVE-2020-0881", "CVE-2020-0882", "CVE-2020-0883", "CVE-2020-0885", "CVE-2020-0887", "CVE-2020-0896", "CVE-2020-0897", "CVE-2020-0898"], "modified": "2023-02-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_MAR_4540670.NASL", "href": "https://www.tenable.com/plugins/nessus/134369", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134369);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/20\");\n\n script_cve_id(\n \"CVE-2020-0645\",\n \"CVE-2020-0684\",\n \"CVE-2020-0690\",\n \"CVE-2020-0768\",\n \"CVE-2020-0769\",\n \"CVE-2020-0770\",\n \"CVE-2020-0771\",\n \"CVE-2020-0772\",\n \"CVE-2020-0773\",\n \"CVE-2020-0774\",\n \"CVE-2020-0775\",\n \"CVE-2020-0776\",\n \"CVE-2020-0777\",\n \"CVE-2020-0778\",\n \"CVE-2020-0779\",\n \"CVE-2020-0780\",\n \"CVE-2020-0781\",\n \"CVE-2020-0783\",\n \"CVE-2020-0785\",\n \"CVE-2020-0786\",\n \"CVE-2020-0787\",\n \"CVE-2020-0788\",\n \"CVE-2020-0791\",\n \"CVE-2020-0793\",\n \"CVE-2020-0797\",\n \"CVE-2020-0798\",\n \"CVE-2020-0799\",\n \"CVE-2020-0800\",\n \"CVE-2020-0801\",\n \"CVE-2020-0802\",\n \"CVE-2020-0803\",\n \"CVE-2020-0804\",\n \"CVE-2020-0806\",\n \"CVE-2020-0809\",\n \"CVE-2020-0810\",\n \"CVE-2020-0814\",\n \"CVE-2020-0816\",\n \"CVE-2020-0819\",\n \"CVE-2020-0820\",\n \"CVE-2020-0822\",\n \"CVE-2020-0823\",\n \"CVE-2020-0824\",\n \"CVE-2020-0826\",\n \"CVE-2020-0827\",\n \"CVE-2020-0828\",\n \"CVE-2020-0829\",\n \"CVE-2020-0830\",\n \"CVE-2020-0831\",\n \"CVE-2020-0832\",\n \"CVE-2020-0833\",\n \"CVE-2020-0834\",\n \"CVE-2020-0840\",\n \"CVE-2020-0841\",\n \"CVE-2020-0842\",\n \"CVE-2020-0843\",\n \"CVE-2020-0844\",\n \"CVE-2020-0845\",\n \"CVE-2020-0847\",\n \"CVE-2020-0848\",\n \"CVE-2020-0849\",\n \"CVE-2020-0853\",\n \"CVE-2020-0857\",\n \"CVE-2020-0858\",\n \"CVE-2020-0859\",\n \"CVE-2020-0860\",\n \"CVE-2020-0861\",\n \"CVE-2020-0864\",\n \"CVE-2020-0865\",\n \"CVE-2020-0866\",\n \"CVE-2020-0867\",\n \"CVE-2020-0868\",\n \"CVE-2020-0869\",\n \"CVE-2020-0871\",\n \"CVE-2020-0874\",\n \"CVE-2020-0877\",\n \"CVE-2020-0879\",\n \"CVE-2020-0880\",\n \"CVE-2020-0881\",\n \"CVE-2020-0882\",\n \"CVE-2020-0883\",\n \"CVE-2020-0885\",\n \"CVE-2020-0887\",\n 
\"CVE-2020-0896\",\n \"CVE-2020-0897\",\n \"CVE-2020-0898\"\n );\n script_xref(name:\"MSKB\", value:\"4540670\");\n script_xref(name:\"MSFT\", value:\"MS20-4540670\");\n script_xref(name:\"IAVA\", value:\"2020-A-0139-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0214-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"KB4540670: Windows 10 Version 1607 and Windows Server 2016 March 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4540670.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows Device Setup Manager improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Device Setup Manager\n handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. 
(CVE-2020-0777, CVE-2020-0797,\n CVE-2020-0800, CVE-2020-0864, CVE-2020-0865,\n CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2020-0814,\n CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when the\n Windows Background Intelligent Transfer Service (BITS)\n improperly handles symbolic links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - An information disclosure vulnerability exists when\n Windows Network Connections Service fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could potentially disclose\n memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS\n Server improperly handles malformed request headers. An\n attacker who successfully exploited the vulnerability\n could cause a vulnerable server to improperly process\n HTTP headers and tamper with the responses returned to\n clients. 
(CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0788, CVE-2020-0877,\n CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0778, CVE-2020-0802,\n CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-0798)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when the Windows kernel fails to\n properly handle parsing of certain symbolic links. An\n attacker who successfully exploited this vulnerability\n could potentially access privileged registry keys and\n thereby elevate permissions. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. 
An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-0844)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector or the Visual Studio\n Standard Collector allows file creation in arbitrary\n locations. (CVE-2020-0810)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0801,\n CVE-2020-0809, CVE-2020-0869)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0841, CVE-2020-0849,\n CVE-2020-0896)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. 
An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0785)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0874, CVE-2020-0879)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. 
An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0881,\n CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the user's system. An attacker who had already\n gained execution on the victim system could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Media Foundation handles objects in\n memory. (CVE-2020-0820)\n\n - An elevation of privilege vulnerability exists when the\n Windows Language Pack Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Language Pack Installer\n handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. 
An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0791, CVE-2020-0898)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0861)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0690)\n\n - A denial of service vulnerability exists when the\n Windows Tile Object Service improperly handles hard\n links. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. 
(CVE-2020-0786)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles file\n operations. (CVE-2020-0776)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector Service improperly\n handles file operations. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges. An attacker with unprivileged access to a\n vulnerable system could exploit this vulnerability. 
The\n security update addresses the vulnerability by ensuring\n the Diagnostics Hub Standard Collector Service properly\n handles file operations. (CVE-2020-0793)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-0775)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Orchestrator Service improperly handles\n file operations. An attacker who successfully exploited\n this vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Update Orchestrator\n Service handles file operations. (CVE-2020-0867,\n CVE-2020-0868)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - A remote code execution vulnerability exists when \n Microsoft Edge improperly accesses objects in memory. \n The vulnerability could corrupt memory in such a way \n that enables an attacker to execute arbitrary code in \n the context of the current user. 
An attacker who \n successfully exploited the vulnerability could gain \n the same user rights as the current user. If the current \n user is logged on with administrative user rights, an \n attacker could take control of an affected system. An \n attacker could then install programs; view, change, or \n delete data; or create new accounts with full user rights.\n (CVE-2020-0816)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. 
(CVE-2020-08323,\n CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829,\n CVE-2020-0831, CVE-2020-0848)\");\n # https://support.microsoft.com/en-us/help/4540670/windows-10-update-kb4540670\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4f4230aa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4540670.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0690\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-03\";\nkbs = make_list('4540670');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"03_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4540670])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T14:12:21", "description": "The remote Windows host is missing security update 4540673.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Device Setup Manager handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2020-0814, CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. 
(CVE-2020-0854)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0791)\n\n - An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. (CVE-2020-0808)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0788, CVE-2020-0877, CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-0863)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0876)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-0798)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. 
The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0844)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. (CVE-2020-0810)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0841, CVE-2020-0849, CVE-2020-0896)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0874, CVE-2020-0879)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. 
The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0881, CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An attacker who had already gained execution on the victim system could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how Media Foundation handles objects in memory. (CVE-2020-0820)\n\n - An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Update Orchestrator Service handles file operations. (CVE-2020-0867, CVE-2020-0868)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-0785)\n\n - An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. (CVE-2020-0762, CVE-2020-0763)\n\n - An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. (CVE-2020-0861)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0690)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations. (CVE-2020-0776)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly handles file operations. (CVE-2020-0793)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-0775)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0781, CVE-2020-0783)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-0801, CVE-2020-0807, CVE-2020-0809, CVE-2020-0869)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. 
(CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0811, CVE-2020-0812)\n\n - An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user\u2019s computer or data. (CVE-2020-0813)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0816)\n\n - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-08323, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829,CVE-2020-0831, CVE-2020-0848)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "nessus", "title": "KB4540673: Windows 10 Version 1903 and Windows 10 Version 1909 March 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0645", "CVE-2020-0684", "CVE-2020-0690", "CVE-2020-0762", "CVE-2020-0763", "CVE-2020-0768", "CVE-2020-0769", "CVE-2020-0770", "CVE-2020-0771", "CVE-2020-0772", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0775", "CVE-2020-0776", "CVE-2020-0777", "CVE-2020-0778", "CVE-2020-0779", "CVE-2020-0780", "CVE-2020-0781", "CVE-2020-0783", "CVE-2020-0785", 
"CVE-2020-0787", "CVE-2020-0788", "CVE-2020-0791", "CVE-2020-0793", "CVE-2020-0797", "CVE-2020-0798", "CVE-2020-0799", "CVE-2020-0800", "CVE-2020-0801", "CVE-2020-0802", "CVE-2020-0803", "CVE-2020-0804", "CVE-2020-0806", "CVE-2020-0807", "CVE-2020-0808", "CVE-2020-0809", "CVE-2020-0810", "CVE-2020-0811", "CVE-2020-0812", "CVE-2020-0813", "CVE-2020-0814", "CVE-2020-0816", "CVE-2020-0819", "CVE-2020-0820", "CVE-2020-0822", "CVE-2020-0823", "CVE-2020-0824", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-08323", "CVE-2020-0833", "CVE-2020-0834", "CVE-2020-0840", "CVE-2020-0841", "CVE-2020-0842", "CVE-2020-0843", "CVE-2020-0844", "CVE-2020-0845", "CVE-2020-0847", "CVE-2020-0848", "CVE-2020-0849", "CVE-2020-0853", "CVE-2020-0854", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0859", "CVE-2020-0860", "CVE-2020-0861", "CVE-2020-0863", "CVE-2020-0864", "CVE-2020-0865", "CVE-2020-0866", "CVE-2020-0867", "CVE-2020-0868", "CVE-2020-0869", "CVE-2020-0871", "CVE-2020-0874", "CVE-2020-0876", "CVE-2020-0877", "CVE-2020-0879", "CVE-2020-0880", "CVE-2020-0881", "CVE-2020-0882", "CVE-2020-0883", "CVE-2020-0885", "CVE-2020-0887", "CVE-2020-0896", "CVE-2020-0897"], "modified": "2023-02-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_MAR_4540673.NASL", "href": "https://www.tenable.com/plugins/nessus/134370", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134370);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/20\");\n\n script_cve_id(\n \"CVE-2020-0645\",\n \"CVE-2020-0684\",\n \"CVE-2020-0690\",\n \"CVE-2020-0762\",\n \"CVE-2020-0763\",\n \"CVE-2020-0768\",\n \"CVE-2020-0769\",\n \"CVE-2020-0770\",\n \"CVE-2020-0771\",\n \"CVE-2020-0772\",\n \"CVE-2020-0773\",\n \"CVE-2020-0774\",\n \"CVE-2020-0775\",\n \"CVE-2020-0776\",\n \"CVE-2020-0777\",\n \"CVE-2020-0778\",\n \"CVE-2020-0779\",\n \"CVE-2020-0780\",\n \"CVE-2020-0781\",\n \"CVE-2020-0783\",\n \"CVE-2020-0785\",\n \"CVE-2020-0787\",\n \"CVE-2020-0788\",\n \"CVE-2020-0791\",\n \"CVE-2020-0793\",\n \"CVE-2020-0797\",\n \"CVE-2020-0798\",\n \"CVE-2020-0799\",\n \"CVE-2020-0800\",\n \"CVE-2020-0801\",\n \"CVE-2020-0802\",\n \"CVE-2020-0803\",\n \"CVE-2020-0804\",\n \"CVE-2020-0806\",\n \"CVE-2020-0807\",\n \"CVE-2020-0808\",\n \"CVE-2020-0809\",\n \"CVE-2020-0810\",\n \"CVE-2020-0811\",\n \"CVE-2020-0812\",\n \"CVE-2020-0813\",\n \"CVE-2020-0814\",\n \"CVE-2020-0816\",\n \"CVE-2020-0819\",\n \"CVE-2020-0820\",\n \"CVE-2020-0822\",\n \"CVE-2020-0823\",\n \"CVE-2020-0824\",\n \"CVE-2020-0825\",\n \"CVE-2020-0826\",\n \"CVE-2020-0827\",\n \"CVE-2020-0828\",\n \"CVE-2020-0829\",\n \"CVE-2020-0830\",\n \"CVE-2020-0831\",\n \"CVE-2020-0832\",\n \"CVE-2020-0833\",\n \"CVE-2020-0834\",\n \"CVE-2020-0840\",\n \"CVE-2020-0841\",\n \"CVE-2020-0842\",\n \"CVE-2020-0843\",\n \"CVE-2020-0844\",\n \"CVE-2020-0845\",\n \"CVE-2020-0847\",\n \"CVE-2020-0848\",\n \"CVE-2020-0849\",\n \"CVE-2020-0853\",\n \"CVE-2020-0854\",\n \"CVE-2020-0857\",\n \"CVE-2020-0858\",\n \"CVE-2020-0859\",\n \"CVE-2020-0860\",\n \"CVE-2020-0861\",\n \"CVE-2020-0863\",\n \"CVE-2020-0864\",\n \"CVE-2020-0865\",\n \"CVE-2020-0866\",\n \"CVE-2020-0867\",\n \"CVE-2020-0868\",\n \"CVE-2020-0869\",\n \"CVE-2020-0871\",\n 
\"CVE-2020-0874\",\n \"CVE-2020-0876\",\n \"CVE-2020-0877\",\n \"CVE-2020-0879\",\n \"CVE-2020-0880\",\n \"CVE-2020-0881\",\n \"CVE-2020-0882\",\n \"CVE-2020-0883\",\n \"CVE-2020-0885\",\n \"CVE-2020-0887\",\n \"CVE-2020-0896\",\n \"CVE-2020-0897\"\n );\n script_xref(name:\"MSKB\", value:\"4540673\");\n script_xref(name:\"MSFT\", value:\"MS20-4540673\");\n script_xref(name:\"IAVA\", value:\"2020-A-0214-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"KB4540673: Windows 10 Version 1903 and Windows 10 Version 1909 March 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4540673.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows Device Setup Manager improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Device Setup Manager\n handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. 
(CVE-2020-0777, CVE-2020-0797,\n CVE-2020-0800, CVE-2020-0864, CVE-2020-0865,\n CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2020-0814,\n CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-0854)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0791)\n\n - An information disclosure vulnerability exists when\n Windows Network Connections Service fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could potentially disclose\n memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. 
(CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS\n Server improperly handles malformed request headers. An\n attacker who successfully exploited the vulnerability\n could cause a vulnerable server to improperly process\n HTTP headers and tamper with the responses returned to\n clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in the\n way the Provisioning Runtime validates certain file\n operations. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a victim\n system. (CVE-2020-0808)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0788, CVE-2020-0877,\n CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0778, CVE-2020-0802,\n CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-0863)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2020-0876)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-0798)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when the Windows kernel fails to\n properly handle parsing of certain symbolic links. An\n attacker who successfully exploited this vulnerability\n could potentially access privileged registry keys and\n thereby elevate permissions. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-0844)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector or the Visual Studio\n Standard Collector allows file creation in arbitrary\n locations. (CVE-2020-0810)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. 
An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0841, CVE-2020-0849,\n CVE-2020-0896)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0874, CVE-2020-0879)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0881,\n CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An attacker who had already\n gained execution on the victim system could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Media Foundation handles objects in\n memory. 
(CVE-2020-0820)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Orchestrator Service improperly handles\n file operations. An attacker who successfully exploited\n this vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Update Orchestrator\n Service handles file operations. (CVE-2020-0867,\n CVE-2020-0868)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0785)\n\n - An elevation of privilege vulnerability exists when\n Windows Defender Security Center handles certain objects\n in memory. (CVE-2020-0762, CVE-2020-0763)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0861)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0690)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles file\n operations. (CVE-2020-0776)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the\n Windows Background Intelligent Transfer Service (BITS)\n improperly handles symbolic links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. 
An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector Service improperly\n handles file operations. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges. An attacker with unprivileged access to a\n vulnerable system could exploit this vulnerability. The\n security update addresses the vulnerability by ensuring\n the Diagnostics Hub Standard Collector Service properly\n handles file operations. (CVE-2020-0793)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-0775)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0781, CVE-2020-0783)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. 
(CVE-2020-0801,\n CVE-2020-0807, CVE-2020-0809, CVE-2020-0869)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the\n Windows Language Pack Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Language Pack Installer\n handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. 
(CVE-2020-0811, CVE-2020-0812)\n\n - An information disclosure vulnerability exists when \n Chakra improperly discloses the contents of its memory, \n which could provide an attacker with information to \n further compromise the user\u2019s computer or data. \n (CVE-2020-0813)\n\n - A remote code execution vulnerability exists when \n Microsoft Edge improperly accesses objects in memory. \n The vulnerability could corrupt memory in such a way \n that enables an attacker to execute arbitrary code in \n the context of the current user. An attacker who \n successfully exploited the vulnerability could gain \n the same user rights as the current user. If the current \n user is logged on with administrative user rights, an \n attacker could take control of an affected system. An \n attacker could then install programs; view, change, or \n delete data; or create new accounts with full user rights.\n (CVE-2020-0816)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. 
(CVE-2020-08323,\n CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, \n CVE-2020-0829,CVE-2020-0831, CVE-2020-0848)\");\n # https://support.microsoft.com/en-us/help/4540673/windows-10-update-kb4540673\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf6b6a90\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4540673.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0690\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-03\";\nkbs = make_list('4540673');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"03_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4540673])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"03_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4540673])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T14:12:19", "description": "The remote Windows host is missing security update 4540693.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Device Setup Manager handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2020-0814, CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2020-0791)\n\n - An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0788, CVE-2020-0877, CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0844)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. (CVE-2020-0810)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-0801, CVE-2020-0809, CVE-2020-0869)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. 
An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0841, CVE-2020-0849, CVE-2020-0896)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-0785)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0874, CVE-2020-0879)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0881, CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An attacker who had already gained execution on the victim system could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how Media Foundation handles objects in memory. (CVE-2020-0820)\n\n - An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Update Orchestrator Service handles file operations. (CVE-2020-0867, CVE-2020-0868)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. (CVE-2020-0861)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0690)\n\n - A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2020-0786)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly handles file operations. (CVE-2020-0793)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-0775)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. 
(CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-08323, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "nessus", "title": "KB4540693: Windows 10 March 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2020-0645", "CVE-2020-0684", "CVE-2020-0690", "CVE-2020-0768", "CVE-2020-0769", "CVE-2020-0770", "CVE-2020-0771", "CVE-2020-0772", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0775", "CVE-2020-0777", "CVE-2020-0778", "CVE-2020-0779", "CVE-2020-0780", "CVE-2020-0781", "CVE-2020-0783", "CVE-2020-0785", "CVE-2020-0786", "CVE-2020-0787", "CVE-2020-0788", "CVE-2020-0791", "CVE-2020-0793", "CVE-2020-0797", "CVE-2020-0799", "CVE-2020-0800", "CVE-2020-0801", "CVE-2020-0802", "CVE-2020-0803", "CVE-2020-0804", "CVE-2020-0806", "CVE-2020-0809", "CVE-2020-0810", "CVE-2020-0814", "CVE-2020-0819", "CVE-2020-0820", "CVE-2020-0822", "CVE-2020-0823", "CVE-2020-0824", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-08323", "CVE-2020-0833", "CVE-2020-0834", "CVE-2020-0840", "CVE-2020-0841", "CVE-2020-0842", "CVE-2020-0843", "CVE-2020-0844", "CVE-2020-0845", "CVE-2020-0847", "CVE-2020-0849", "CVE-2020-0853", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0859", "CVE-2020-0860", "CVE-2020-0861", "CVE-2020-0864", "CVE-2020-0865", "CVE-2020-0866", "CVE-2020-0867", "CVE-2020-0868", "CVE-2020-0869", "CVE-2020-0871", "CVE-2020-0874", "CVE-2020-0877", "CVE-2020-0879", "CVE-2020-0880", "CVE-2020-0881", "CVE-2020-0882", "CVE-2020-0883", "CVE-2020-0885", "CVE-2020-0887", "CVE-2020-0896", "CVE-2020-0897"], "modified": "2023-02-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_MAR_4540693.NASL", "href": "https://www.tenable.com/plugins/nessus/134373", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134373);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/20\");\n\n script_cve_id(\n \"CVE-2020-0645\",\n \"CVE-2020-0684\",\n \"CVE-2020-0690\",\n \"CVE-2020-0768\",\n \"CVE-2020-0769\",\n \"CVE-2020-0770\",\n \"CVE-2020-0771\",\n \"CVE-2020-0772\",\n \"CVE-2020-0773\",\n \"CVE-2020-0774\",\n \"CVE-2020-0775\",\n \"CVE-2020-0777\",\n \"CVE-2020-0778\",\n \"CVE-2020-0779\",\n \"CVE-2020-0780\",\n \"CVE-2020-0781\",\n \"CVE-2020-0783\",\n \"CVE-2020-0785\",\n \"CVE-2020-0786\",\n \"CVE-2020-0787\",\n \"CVE-2020-0788\",\n \"CVE-2020-0791\",\n \"CVE-2020-0793\",\n \"CVE-2020-0797\",\n \"CVE-2020-0799\",\n \"CVE-2020-0800\",\n \"CVE-2020-0801\",\n \"CVE-2020-0802\",\n \"CVE-2020-0803\",\n \"CVE-2020-0804\",\n \"CVE-2020-0806\",\n \"CVE-2020-0809\",\n \"CVE-2020-0810\",\n \"CVE-2020-0814\",\n \"CVE-2020-0819\",\n \"CVE-2020-0820\",\n \"CVE-2020-0822\",\n \"CVE-2020-0823\",\n \"CVE-2020-0824\",\n \"CVE-2020-0826\",\n \"CVE-2020-0827\",\n \"CVE-2020-0828\",\n \"CVE-2020-0829\",\n \"CVE-2020-0830\",\n \"CVE-2020-0831\",\n \"CVE-2020-0832\",\n \"CVE-2020-0833\",\n \"CVE-2020-0834\",\n \"CVE-2020-0840\",\n \"CVE-2020-0841\",\n \"CVE-2020-0842\",\n \"CVE-2020-0843\",\n \"CVE-2020-0844\",\n \"CVE-2020-0845\",\n \"CVE-2020-0847\",\n \"CVE-2020-0849\",\n \"CVE-2020-0853\",\n \"CVE-2020-0857\",\n \"CVE-2020-0858\",\n \"CVE-2020-0859\",\n \"CVE-2020-0860\",\n \"CVE-2020-0861\",\n \"CVE-2020-0864\",\n \"CVE-2020-0865\",\n \"CVE-2020-0866\",\n \"CVE-2020-0867\",\n \"CVE-2020-0868\",\n \"CVE-2020-0869\",\n \"CVE-2020-0871\",\n \"CVE-2020-0874\",\n \"CVE-2020-0877\",\n \"CVE-2020-0879\",\n \"CVE-2020-0880\",\n \"CVE-2020-0881\",\n \"CVE-2020-0882\",\n \"CVE-2020-0883\",\n \"CVE-2020-0885\",\n \"CVE-2020-0887\",\n \"CVE-2020-0896\",\n \"CVE-2020-0897\"\n );\n script_xref(name:\"MSKB\", value:\"4540693\");\n 
script_xref(name:\"MSFT\", value:\"MS20-4540693\");\n script_xref(name:\"IAVA\", value:\"2020-A-0214-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"KB4540693: Windows 10 March 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4540693.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows Device Setup Manager improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Device Setup Manager\n handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-0777, CVE-2020-0797,\n CVE-2020-0800, CVE-2020-0864, CVE-2020-0865,\n CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2020-0814,\n CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0791)\n\n - An information disclosure vulnerability exists when\n Windows Network Connections Service fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could potentially disclose\n memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS\n Server improperly handles malformed request headers. An\n attacker who successfully exploited the vulnerability\n could cause a vulnerable server to improperly process\n HTTP headers and tamper with the responses returned to\n clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. 
(CVE-2020-0788, CVE-2020-0877,\n CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0778, CVE-2020-0802,\n CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when the Windows kernel fails to\n properly handle parsing of certain symbolic links. An\n attacker who successfully exploited this vulnerability\n could potentially access privileged registry keys and\n thereby elevate permissions. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-0844)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector or the Visual Studio\n Standard Collector allows file creation in arbitrary\n locations. (CVE-2020-0810)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. 
There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0801,\n CVE-2020-0809, CVE-2020-0869)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0841, CVE-2020-0849,\n CVE-2020-0896)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0785)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0874, CVE-2020-0879)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. 
(CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0881,\n CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a user's system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the user's system. An attacker who had already\n gained execution on the victim system could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Media Foundation handles objects in\n memory. (CVE-2020-0820)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Orchestrator Service improperly handles\n file operations. An attacker who successfully exploited\n this vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Update Orchestrator\n Service handles file operations. (CVE-2020-0867,\n CVE-2020-0868)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0861)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0690)\n\n - A denial of service vulnerability exists when the\n Windows Tile Object Service improperly handles hard\n links. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2020-0786)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. 
The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the\n Windows Background Intelligent Transfer Service (BITS)\n improperly handles symbolic links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector Service improperly\n handles file operations. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges. An attacker with unprivileged access to a\n vulnerable system could exploit this vulnerability. The\n security update addresses the vulnerability by ensuring\n the Diagnostics Hub Standard Collector Service properly\n handles file operations. (CVE-2020-0793)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. 
(CVE-2020-0775)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the\n Windows Language Pack Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Language Pack Installer\n handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. 
An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-08323,\n CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829,\n CVE-2020-0831)\");\n # https://support.microsoft.com/en-us/help/4540693/windows-10-update-kb4540693\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0759ed88\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4540693.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0690\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-03\";\nkbs = make_list('4540693');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"03_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4540693])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T14:12:52", "description": "The remote Windows host is missing security update 4540689.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Device Setup Manager handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2020-0814, CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2020-0791)\n\n - An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. (CVE-2020-0808)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0788, CVE-2020-0877, CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-0798)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0844)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. (CVE-2020-0810)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. 
An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0841, CVE-2020-0849, CVE-2020-0896)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0881, CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An attacker who had already gained execution on the victim system could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how Media Foundation handles objects in memory. (CVE-2020-0820)\n\n - An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Update Orchestrator Service handles file operations. (CVE-2020-0867, CVE-2020-0868)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). 
An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-0785)\n\n - An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. (CVE-2020-0762, CVE-2020-0763)\n\n - An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. (CVE-2020-0861)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0690)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations. (CVE-2020-0776)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly handles file operations. (CVE-2020-0793)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-0775)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0781, CVE-2020-0783)\n\n - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-0801, CVE-2020-0807, CVE-2020-0809, CVE-2020-0869)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. 
(CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0811)\n\n - An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user\u2019s computer or data. (CVE-2020-0813)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0816) \n - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-08323, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0848)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "nessus", "title": "KB4540689: Windows 10 Version 1803 March 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0645", "CVE-2020-0684", "CVE-2020-0690", "CVE-2020-0762", "CVE-2020-0763", "CVE-2020-0768", "CVE-2020-0769", "CVE-2020-0770", "CVE-2020-0771", "CVE-2020-0772", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0775", "CVE-2020-0776", "CVE-2020-0777", "CVE-2020-0778", "CVE-2020-0779", "CVE-2020-0780", "CVE-2020-0781", "CVE-2020-0783", "CVE-2020-0785", "CVE-2020-0787", "CVE-2020-0788", 
"CVE-2020-0791", "CVE-2020-0793", "CVE-2020-0797", "CVE-2020-0798", "CVE-2020-0799", "CVE-2020-0800", "CVE-2020-0801", "CVE-2020-0802", "CVE-2020-0803", "CVE-2020-0804", "CVE-2020-0806", "CVE-2020-0807", "CVE-2020-0808", "CVE-2020-0809", "CVE-2020-0810", "CVE-2020-0811", "CVE-2020-0813", "CVE-2020-0814", "CVE-2020-0816", "CVE-2020-0819", "CVE-2020-0820", "CVE-2020-0822", "CVE-2020-0823", "CVE-2020-0824", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-08323", "CVE-2020-0833", "CVE-2020-0834", "CVE-2020-0840", "CVE-2020-0841", "CVE-2020-0842", "CVE-2020-0843", "CVE-2020-0844", "CVE-2020-0845", "CVE-2020-0847", "CVE-2020-0848", "CVE-2020-0849", "CVE-2020-0853", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0859", "CVE-2020-0860", "CVE-2020-0861", "CVE-2020-0864", "CVE-2020-0865", "CVE-2020-0866", "CVE-2020-0867", "CVE-2020-0868", "CVE-2020-0869", "CVE-2020-0871", "CVE-2020-0877", "CVE-2020-0880", "CVE-2020-0881", "CVE-2020-0882", "CVE-2020-0883", "CVE-2020-0885", "CVE-2020-0887", "CVE-2020-0896", "CVE-2020-0897"], "modified": "2023-02-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_MAR_4540689.NASL", "href": "https://www.tenable.com/plugins/nessus/134372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134372);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/20\");\n\n script_cve_id(\n \"CVE-2020-0645\",\n \"CVE-2020-0684\",\n \"CVE-2020-0690\",\n \"CVE-2020-0762\",\n \"CVE-2020-0763\",\n \"CVE-2020-0768\",\n \"CVE-2020-0769\",\n \"CVE-2020-0770\",\n \"CVE-2020-0771\",\n \"CVE-2020-0772\",\n \"CVE-2020-0773\",\n \"CVE-2020-0774\",\n \"CVE-2020-0775\",\n \"CVE-2020-0776\",\n \"CVE-2020-0777\",\n \"CVE-2020-0778\",\n \"CVE-2020-0779\",\n \"CVE-2020-0780\",\n \"CVE-2020-0781\",\n \"CVE-2020-0783\",\n \"CVE-2020-0785\",\n \"CVE-2020-0787\",\n \"CVE-2020-0788\",\n \"CVE-2020-0791\",\n \"CVE-2020-0793\",\n \"CVE-2020-0797\",\n \"CVE-2020-0798\",\n \"CVE-2020-0799\",\n \"CVE-2020-0800\",\n \"CVE-2020-0801\",\n \"CVE-2020-0802\",\n \"CVE-2020-0803\",\n \"CVE-2020-0804\",\n \"CVE-2020-0806\",\n \"CVE-2020-0807\",\n \"CVE-2020-0808\",\n \"CVE-2020-0809\",\n \"CVE-2020-0810\",\n \"CVE-2020-0811\",\n \"CVE-2020-0813\",\n \"CVE-2020-0814\",\n \"CVE-2020-0816\",\n \"CVE-2020-0819\",\n \"CVE-2020-0820\",\n \"CVE-2020-0822\",\n \"CVE-2020-0823\",\n \"CVE-2020-0824\",\n \"CVE-2020-0826\",\n \"CVE-2020-0827\",\n \"CVE-2020-0828\",\n \"CVE-2020-0829\",\n \"CVE-2020-0830\",\n \"CVE-2020-0831\",\n \"CVE-2020-0832\",\n \"CVE-2020-0833\",\n \"CVE-2020-0834\",\n \"CVE-2020-0840\",\n \"CVE-2020-0841\",\n \"CVE-2020-0842\",\n \"CVE-2020-0843\",\n \"CVE-2020-0844\",\n \"CVE-2020-0845\",\n \"CVE-2020-0847\",\n \"CVE-2020-0848\",\n \"CVE-2020-0849\",\n \"CVE-2020-0853\",\n \"CVE-2020-0857\",\n \"CVE-2020-0858\",\n \"CVE-2020-0859\",\n \"CVE-2020-0860\",\n \"CVE-2020-0861\",\n \"CVE-2020-0864\",\n \"CVE-2020-0865\",\n \"CVE-2020-0866\",\n \"CVE-2020-0867\",\n \"CVE-2020-0868\",\n \"CVE-2020-0869\",\n \"CVE-2020-0871\",\n \"CVE-2020-0877\",\n \"CVE-2020-0880\",\n \"CVE-2020-0881\",\n \"CVE-2020-0882\",\n 
\"CVE-2020-0883\",\n \"CVE-2020-0885\",\n \"CVE-2020-0887\",\n \"CVE-2020-0896\",\n \"CVE-2020-0897\"\n );\n script_xref(name:\"MSKB\", value:\"4540689\");\n script_xref(name:\"MSFT\", value:\"MS20-4540689\");\n script_xref(name:\"IAVA\", value:\"2020-A-0214-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"KB4540689: Windows 10 Version 1803 March 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4540689.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows Device Setup Manager improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Device Setup Manager\n handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. 
(CVE-2020-0777, CVE-2020-0797,\n CVE-2020-0800, CVE-2020-0864, CVE-2020-0865,\n CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2020-0814,\n CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0791)\n\n - An information disclosure vulnerability exists when\n Windows Network Connections Service fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could potentially disclose\n memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS\n Server improperly handles malformed request headers. An\n attacker who successfully exploited the vulnerability\n could cause a vulnerable server to improperly process\n HTTP headers and tamper with the responses returned to\n clients. 
(CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in the\n way the Provisioning Runtime validates certain file\n operations. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a victim\n system. (CVE-2020-0808)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0788, CVE-2020-0877,\n CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0778, CVE-2020-0802,\n CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2020-0798)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when the Windows kernel fails to\n properly handle parsing of certain symbolic links. An\n attacker who successfully exploited this vulnerability\n could potentially access privileged registry keys and\n thereby elevate permissions. 
An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-0844)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector or the Visual Studio\n Standard Collector allows file creation in arbitrary\n locations. (CVE-2020-0810)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0841, CVE-2020-0849,\n CVE-2020-0896)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. 
The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0881,\n CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An attacker who had already\n gained execution on the victim system could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Media Foundation handles objects in\n memory. (CVE-2020-0820)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Orchestrator Service improperly handles\n file operations. An attacker who successfully exploited\n this vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Update Orchestrator\n Service handles file operations. (CVE-2020-0867,\n CVE-2020-0868)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0785)\n\n - An elevation of privilege vulnerability exists when\n Windows Defender Security Center handles certain objects\n in memory. (CVE-2020-0762, CVE-2020-0763)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. (CVE-2020-0861)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0690)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles file\n operations. (CVE-2020-0776)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the\n Windows Background Intelligent Transfer Service (BITS)\n improperly handles symbolic links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector Service improperly\n handles file operations. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges. An attacker with unprivileged access to a\n vulnerable system could exploit this vulnerability. The\n security update addresses the vulnerability by ensuring\n the Diagnostics Hub Standard Collector Service properly\n handles file operations. (CVE-2020-0793)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-0775)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. 
An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0781, CVE-2020-0783)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0801,\n CVE-2020-0807, CVE-2020-0809, CVE-2020-0869)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the\n Windows Language Pack Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Language Pack Installer\n handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. 
(CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2020-0811)\n\n - An information disclosure vulnerability exists when \n Chakra improperly discloses the contents of its memory, \n which could provide an attacker with information to \n further compromise the user's computer or data. \n (CVE-2020-0813)\n\n - A remote code execution vulnerability exists when \n Microsoft Edge improperly accesses objects in memory. \n The vulnerability could corrupt memory in such a way \n that enables an attacker to execute arbitrary code in \n the context of the current user. An attacker who \n successfully exploited the vulnerability could gain \n the same user rights as the current user. If the current \n user is logged on with administrative user rights, an \n attacker could take control of an affected system. An \n attacker could then install programs; view, change, or \n delete data; or create new accounts with full user rights.\n (CVE-2020-0816)\n \n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. 
The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-08323, \n CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829,\n CVE-2020-0831, CVE-2020-0848)\");\n # https://support.microsoft.com/en-us/help/4540689/windows-10-update-kb4540689\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?579abf8f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4540689.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0690\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-03\";\nkbs = make_list('4540689');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"03_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4540689])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n 
hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T14:12:42", "description": "The remote Windows host is missing security update 4541500 or cumulative update 4540688. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2020-0814, CVE-2020-0842, CVE-2020-0843)\n\n - An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. (CVE-2020-0871)\n\n - A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0788, CVE-2020-0877, CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0844)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-0785)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0874, CVE-2020-0879)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0881, CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0849)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0791)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations. 
(CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-24T00:00:00", "type": "nessus", "title": "KB4541500: Windows 7 and Windows Server 2008 R2 March 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0645", "CVE-2020-0684", "CVE-2020-0768", "CVE-2020-0769", "CVE-2020-0770", "CVE-2020-0771", "CVE-2020-0772", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0778", "CVE-2020-0779", "CVE-2020-0781", "CVE-2020-0783", "CVE-2020-0785", "CVE-2020-0787", "CVE-2020-0788", "CVE-2020-0791", "CVE-2020-0802", "CVE-2020-0803", "CVE-2020-0804", "CVE-2020-0806", "CVE-2020-0814", "CVE-2020-0822", "CVE-2020-0824", "CVE-2020-0830", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0842", "CVE-2020-0843", "CVE-2020-0844", "CVE-2020-0845", "CVE-2020-0847", "CVE-2020-0849", "CVE-2020-0853", "CVE-2020-0860", "CVE-2020-0871", "CVE-2020-0874", "CVE-2020-0877", "CVE-2020-0879", "CVE-2020-0880", "CVE-2020-0881", 
"CVE-2020-0882", "CVE-2020-0883", "CVE-2020-0885", "CVE-2020-0887"], "modified": "2023-02-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_MAR_4540688.NASL", "href": "https://www.tenable.com/plugins/nessus/134865", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134865);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/20\");\n\n script_cve_id(\n \"CVE-2020-0645\",\n \"CVE-2020-0684\",\n \"CVE-2020-0768\",\n \"CVE-2020-0769\",\n \"CVE-2020-0770\",\n \"CVE-2020-0771\",\n \"CVE-2020-0772\",\n \"CVE-2020-0773\",\n \"CVE-2020-0774\",\n \"CVE-2020-0778\",\n \"CVE-2020-0779\",\n \"CVE-2020-0781\",\n \"CVE-2020-0783\",\n \"CVE-2020-0785\",\n \"CVE-2020-0787\",\n \"CVE-2020-0788\",\n \"CVE-2020-0791\",\n \"CVE-2020-0802\",\n \"CVE-2020-0803\",\n \"CVE-2020-0804\",\n \"CVE-2020-0806\",\n \"CVE-2020-0814\",\n \"CVE-2020-0822\",\n \"CVE-2020-0824\",\n \"CVE-2020-0830\",\n \"CVE-2020-0832\",\n \"CVE-2020-0833\",\n \"CVE-2020-0842\",\n \"CVE-2020-0843\",\n \"CVE-2020-0844\",\n \"CVE-2020-0845\",\n \"CVE-2020-0847\",\n \"CVE-2020-0849\",\n \"CVE-2020-0853\",\n \"CVE-2020-0860\",\n \"CVE-2020-0871\",\n \"CVE-2020-0874\",\n \"CVE-2020-0877\",\n \"CVE-2020-0879\",\n \"CVE-2020-0880\",\n \"CVE-2020-0881\",\n \"CVE-2020-0882\",\n \"CVE-2020-0883\",\n \"CVE-2020-0885\",\n \"CVE-2020-0887\"\n );\n script_xref(name:\"MSKB\", value:\"4540688\");\n script_xref(name:\"MSKB\", value:\"4541500\");\n script_xref(name:\"MSFT\", value:\"MS20-4540688\");\n script_xref(name:\"MSFT\", value:\"MS20-4541500\");\n script_xref(name:\"IAVA\", value:\"2020-A-0139-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"KB4541500: 
Windows 7 and Windows Server 2008 R2 March 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4541500\nor cumulative update 4540688. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2020-0814,\n CVE-2020-0842, CVE-2020-0843)\n\n - An elevation of privilege vulnerability exists when the\n Windows Background Intelligent Transfer Service (BITS)\n improperly handles symbolic links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - An information disclosure vulnerability exists when\n Windows Network Connections Service fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could potentially disclose\n memory contents of an elevated process. (CVE-2020-0871)\n\n - A tampering vulnerability exists when Microsoft IIS\n Server improperly handles malformed request headers. An\n attacker who successfully exploited the vulnerability\n could cause a vulnerable server to improperly process\n HTTP headers and tamper with the responses returned to\n clients. 
(CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0788, CVE-2020-0877,\n CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0778, CVE-2020-0802,\n CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-0844)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. 
(CVE-2020-0785)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0874, CVE-2020-0879)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2020-0881,\n CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0849)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. 
The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0791)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the\n Windows Language Pack Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. 
An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Language Pack Installer\n handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\");\n # https://support.microsoft.com/en-us/help/4540688/windows-7-update-kb4540688\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?210cd1ec\");\n # https://support.microsoft.com/en-us/help/4541500/windows-7-update-kb4541500\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a7405b8a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4541500 or Cumulative Update KB4540688.\n\nPlease Note: These updates are only available through Microsoft's Extended Support Updates program.\nThis operating system is otherwise unsupported.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0883\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-03\";\nkbs = make_list('4540688', '4541500');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"03_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4540688, 4541500])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n 
hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T14:12:07", "description": "The remote Windows host is missing security update 4540694 or cumulative update 4541510. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Device Setup Manager handles file operations. (CVE-2020-0819)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2020-0814, CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. 
An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the \"Public Account Pictures\" folder improperly handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0788, CVE-2020-0877, CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0799)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-0785)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0874, CVE-2020-0879)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0881, CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. 
An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0849)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0791)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. 
(CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "nessus", "title": "KB4540694: Windows Server 2012 March 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0645", "CVE-2020-0684", "CVE-2020-0768", "CVE-2020-0769", "CVE-2020-0770", "CVE-2020-0771", "CVE-2020-0772", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0778", "CVE-2020-0779", "CVE-2020-0781", "CVE-2020-0783", "CVE-2020-0785", "CVE-2020-0787", "CVE-2020-0788", "CVE-2020-0791", "CVE-2020-0799", "CVE-2020-0802", "CVE-2020-0803", "CVE-2020-0804", "CVE-2020-0806", "CVE-2020-0814", "CVE-2020-0819", "CVE-2020-0822", "CVE-2020-0824", "CVE-2020-0830", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0842", "CVE-2020-0843", "CVE-2020-0845", "CVE-2020-0847", "CVE-2020-0849", "CVE-2020-0853", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0859", "CVE-2020-0860", "CVE-2020-0871", "CVE-2020-0874", "CVE-2020-0877", "CVE-2020-0879", "CVE-2020-0880", "CVE-2020-0881", "CVE-2020-0882", "CVE-2020-0883", "CVE-2020-0885", "CVE-2020-0887"], "modified": 
"2023-02-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_MAR_4541510.NASL", "href": "https://www.tenable.com/plugins/nessus/134375", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134375);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/20\");\n\n script_cve_id(\n \"CVE-2020-0645\",\n \"CVE-2020-0684\",\n \"CVE-2020-0768\",\n \"CVE-2020-0769\",\n \"CVE-2020-0770\",\n \"CVE-2020-0771\",\n \"CVE-2020-0772\",\n \"CVE-2020-0773\",\n \"CVE-2020-0774\",\n \"CVE-2020-0778\",\n \"CVE-2020-0779\",\n \"CVE-2020-0781\",\n \"CVE-2020-0783\",\n \"CVE-2020-0785\",\n \"CVE-2020-0787\",\n \"CVE-2020-0788\",\n \"CVE-2020-0791\",\n \"CVE-2020-0799\",\n \"CVE-2020-0802\",\n \"CVE-2020-0803\",\n \"CVE-2020-0804\",\n \"CVE-2020-0806\",\n \"CVE-2020-0814\",\n \"CVE-2020-0819\",\n \"CVE-2020-0822\",\n \"CVE-2020-0824\",\n \"CVE-2020-0830\",\n \"CVE-2020-0832\",\n \"CVE-2020-0833\",\n \"CVE-2020-0842\",\n \"CVE-2020-0843\",\n \"CVE-2020-0845\",\n \"CVE-2020-0847\",\n \"CVE-2020-0849\",\n \"CVE-2020-0853\",\n \"CVE-2020-0857\",\n \"CVE-2020-0858\",\n \"CVE-2020-0859\",\n \"CVE-2020-0860\",\n \"CVE-2020-0871\",\n \"CVE-2020-0874\",\n \"CVE-2020-0877\",\n \"CVE-2020-0879\",\n \"CVE-2020-0880\",\n \"CVE-2020-0881\",\n \"CVE-2020-0882\",\n \"CVE-2020-0883\",\n \"CVE-2020-0885\",\n \"CVE-2020-0887\"\n );\n script_xref(name:\"MSKB\", value:\"4541510\");\n script_xref(name:\"MSKB\", value:\"4540694\");\n script_xref(name:\"MSFT\", value:\"MS20-4541510\");\n script_xref(name:\"MSFT\", value:\"MS20-4540694\");\n script_xref(name:\"IAVA\", value:\"2020-A-0139-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n 
script_name(english:\"KB4540694: Windows Server 2012 March 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4540694\nor cumulative update 4541510. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows Device Setup Manager improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Device Setup Manager\n handles file operations. (CVE-2020-0819)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2020-0814,\n CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when the\n Windows Background Intelligent Transfer Service (BITS)\n improperly handles symbolic links. 
An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - An information disclosure vulnerability exists when\n Windows Network Connections Service fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could potentially disclose\n memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the\n \"Public Account Pictures\" folder improperly\n handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS\n Server improperly handles malformed request headers. An\n attacker who successfully exploited the vulnerability\n could cause a vulnerable server to improperly process\n HTTP headers and tamper with the responses returned to\n clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0788, CVE-2020-0877,\n CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0778, CVE-2020-0802,\n CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when the Windows kernel fails to\n properly handle parsing of certain symbolic links. An\n attacker who successfully exploited this vulnerability\n could potentially access privileged registry keys and\n thereby elevate permissions. 
An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0799)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0785)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0874, CVE-2020-0879)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. 
An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-0881,\n CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. 
An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0849)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0791)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. 
The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the\n Windows Language Pack Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Language Pack Installer\n handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. 
(CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\");\n # https://support.microsoft.com/en-us/help/4541510/windows-server-2012-update-kb4541510\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?438d05ee\");\n # https://support.microsoft.com/en-us/help/4540694/windows-server-2012-update-kb4540694\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?224a0292\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4540694 or Cumulative Update KB4541510.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0883\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-03\";\nkbs = make_list('4540694', '4541510');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"03_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4540694, 4541510])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T14:12:21", "description": "The remote Windows host is missing security update 4541505 or cumulative update 4541509. 
It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Device Setup Manager handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. 
(CVE-2020-0814, CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0791)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0849)\n\n - An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0788, CVE-2020-0877, CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0844)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0874, CVE-2020-0879)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0881, CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. (CVE-2020-0861)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. 
(CVE-2020-0785)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "nessus", "title": "KB4541505: Windows 8.1 and Windows Server 2012 R2 March 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0645", "CVE-2020-0684", "CVE-2020-0768", "CVE-2020-0769", "CVE-2020-0770", "CVE-2020-0771", "CVE-2020-0772", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0777", "CVE-2020-0778", "CVE-2020-0779", "CVE-2020-0780", "CVE-2020-0781", "CVE-2020-0783", "CVE-2020-0785", "CVE-2020-0787", "CVE-2020-0788", "CVE-2020-0791", "CVE-2020-0797", "CVE-2020-0799", "CVE-2020-0800", "CVE-2020-0802", "CVE-2020-0803", "CVE-2020-0804", "CVE-2020-0806", "CVE-2020-0814", "CVE-2020-0819", "CVE-2020-0822", "CVE-2020-0824", "CVE-2020-0830", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0834", "CVE-2020-0840", "CVE-2020-0842", "CVE-2020-0843", "CVE-2020-0844", "CVE-2020-0845", "CVE-2020-0847", "CVE-2020-0849", "CVE-2020-0853", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0859", "CVE-2020-0860", "CVE-2020-0861", "CVE-2020-0864", "CVE-2020-0865", "CVE-2020-0866", "CVE-2020-0871", "CVE-2020-0874", "CVE-2020-0877", "CVE-2020-0879", "CVE-2020-0880", "CVE-2020-0881", "CVE-2020-0882", "CVE-2020-0883", "CVE-2020-0885", "CVE-2020-0887", "CVE-2020-0897"], "modified": "2023-02-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_MAR_4541509.NASL", "href": "https://www.tenable.com/plugins/nessus/134374", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134374);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/20\");\n\n script_cve_id(\n \"CVE-2020-0645\",\n \"CVE-2020-0684\",\n \"CVE-2020-0768\",\n \"CVE-2020-0769\",\n \"CVE-2020-0770\",\n \"CVE-2020-0771\",\n \"CVE-2020-0772\",\n \"CVE-2020-0773\",\n \"CVE-2020-0774\",\n \"CVE-2020-0777\",\n \"CVE-2020-0778\",\n \"CVE-2020-0779\",\n \"CVE-2020-0780\",\n \"CVE-2020-0781\",\n \"CVE-2020-0783\",\n \"CVE-2020-0785\",\n \"CVE-2020-0787\",\n \"CVE-2020-0788\",\n \"CVE-2020-0791\",\n \"CVE-2020-0797\",\n \"CVE-2020-0799\",\n \"CVE-2020-0800\",\n \"CVE-2020-0802\",\n \"CVE-2020-0803\",\n \"CVE-2020-0804\",\n \"CVE-2020-0806\",\n \"CVE-2020-0814\",\n \"CVE-2020-0819\",\n \"CVE-2020-0822\",\n \"CVE-2020-0824\",\n \"CVE-2020-0830\",\n \"CVE-2020-0832\",\n \"CVE-2020-0833\",\n \"CVE-2020-0834\",\n \"CVE-2020-0840\",\n \"CVE-2020-0842\",\n \"CVE-2020-0843\",\n \"CVE-2020-0844\",\n \"CVE-2020-0845\",\n \"CVE-2020-0847\",\n \"CVE-2020-0849\",\n \"CVE-2020-0853\",\n \"CVE-2020-0857\",\n \"CVE-2020-0858\",\n \"CVE-2020-0859\",\n \"CVE-2020-0860\",\n \"CVE-2020-0861\",\n \"CVE-2020-0864\",\n \"CVE-2020-0865\",\n \"CVE-2020-0866\",\n \"CVE-2020-0871\",\n \"CVE-2020-0874\",\n \"CVE-2020-0877\",\n \"CVE-2020-0879\",\n \"CVE-2020-0880\",\n \"CVE-2020-0881\",\n \"CVE-2020-0882\",\n \"CVE-2020-0883\",\n \"CVE-2020-0885\",\n \"CVE-2020-0887\",\n \"CVE-2020-0897\"\n );\n script_xref(name:\"MSKB\", value:\"4541505\");\n script_xref(name:\"MSKB\", value:\"4541509\");\n script_xref(name:\"MSFT\", value:\"MS20-4541505\");\n script_xref(name:\"MSFT\", value:\"MS20-4541509\");\n script_xref(name:\"IAVA\", value:\"2020-A-0139-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"KB4541505: Windows 8.1 and Windows Server 2012 R2 March 2020 Security Update\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4541505\nor cumulative update 4541509. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows Device Setup Manager improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Device Setup Manager\n handles file operations. (CVE-2020-0819)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-0777, CVE-2020-0797,\n CVE-2020-0800, CVE-2020-0864, CVE-2020-0865,\n CVE-2020-0866, CVE-2020-0897)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0824)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. 
(CVE-2020-0814,\n CVE-2020-0842, CVE-2020-0843)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0859)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0791)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0840, CVE-2020-0849)\n\n - An information disclosure vulnerability exists when\n Windows Network Connections Service fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could potentially disclose\n memory contents of an elevated process. (CVE-2020-0871)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-0858)\n\n - A tampering vulnerability exists when Microsoft IIS\n Server improperly handles malformed request headers. An\n attacker who successfully exploited the vulnerability\n could cause a vulnerable server to improperly process\n HTTP headers and tamper with the responses returned to\n clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. 
(CVE-2020-0788, CVE-2020-0877,\n CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0778, CVE-2020-0802,\n CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when the Windows kernel fails to\n properly handle parsing of certain symbolic links. An\n attacker who successfully exploited this vulnerability\n could potentially access privileged registry keys and\n thereby elevate permissions. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0799)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-0844)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. 
By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0874, CVE-2020-0879)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0857)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0806)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2020-0881,\n CVE-2020-0883)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2020-0885)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0780)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0834)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0781, CVE-2020-0783)\n\n - An information disclosure vulnerability exists when the\n Windows Network Driver Interface Specification (NDIS)\n improperly handles memory. 
(CVE-2020-0861)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0832, CVE-2020-0833)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0768, CVE-2020-0830)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the\n Windows Background Intelligent Transfer Service (BITS)\n improperly handles symbolic links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. 
An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0785)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n succesfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when the\n Windows Language Pack Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Language Pack Installer\n handles file operations. (CVE-2020-0822)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. 
(CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4541505/windows-8-1-kb4541505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4541509/windows-8-1-kb4541509\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4541505 or Cumulative Update KB4541509.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0883\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script 
is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-03\";\nkbs = make_list('4541509', '4541505');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"03_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4541509, 4541505])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T14:12:07", "description": "The remote Windows host is missing security update 4541504 or cumulative update 4541506. 
It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-0770)\n\n - A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0791)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2020-0814, CVE-2020-0842, CVE-2020-0843)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2020-0832)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0880, CVE-2020-0882)\n\n - An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0874)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0881, CVE-2020-0883)\n\n - An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\n (CVE-2020-0849)\n\n - An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations. (CVE-2020-0822)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0788, CVE-2020-0877, CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0781, CVE-2020-0783)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-24T00:00:00", "type": "nessus", "title": "KB4541504: Windows Server 2008 March 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0645", "CVE-2020-0684", "CVE-2020-0769", "CVE-2020-0770", "CVE-2020-0771", "CVE-2020-0772", "CVE-2020-0779", "CVE-2020-0781", "CVE-2020-0783", "CVE-2020-0787", "CVE-2020-0788", "CVE-2020-0791", "CVE-2020-0814", "CVE-2020-0822", "CVE-2020-0832", "CVE-2020-0842", "CVE-2020-0843", "CVE-2020-0847", "CVE-2020-0849", "CVE-2020-0853", "CVE-2020-0874", "CVE-2020-0877", "CVE-2020-0880", "CVE-2020-0881", "CVE-2020-0882", "CVE-2020-0883", 
"CVE-2020-0887"], "modified": "2023-02-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_MAR_4541506.NASL", "href": "https://www.tenable.com/plugins/nessus/134866", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134866);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/20\");\n\n script_cve_id(\n \"CVE-2020-0645\",\n \"CVE-2020-0684\",\n \"CVE-2020-0769\",\n \"CVE-2020-0770\",\n \"CVE-2020-0771\",\n \"CVE-2020-0772\",\n \"CVE-2020-0779\",\n \"CVE-2020-0781\",\n \"CVE-2020-0783\",\n \"CVE-2020-0787\",\n \"CVE-2020-0788\",\n \"CVE-2020-0791\",\n \"CVE-2020-0814\",\n \"CVE-2020-0822\",\n \"CVE-2020-0832\",\n \"CVE-2020-0842\",\n \"CVE-2020-0843\",\n \"CVE-2020-0847\",\n \"CVE-2020-0849\",\n \"CVE-2020-0853\",\n \"CVE-2020-0874\",\n \"CVE-2020-0877\",\n \"CVE-2020-0880\",\n \"CVE-2020-0881\",\n \"CVE-2020-0882\",\n \"CVE-2020-0883\",\n \"CVE-2020-0887\"\n );\n script_xref(name:\"MSKB\", value:\"4541506\");\n script_xref(name:\"MSKB\", value:\"4541504\");\n script_xref(name:\"MSFT\", value:\"MS20-4541506\");\n script_xref(name:\"MSFT\", value:\"MS20-4541504\");\n script_xref(name:\"IAVA\", value:\"2020-A-0139-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"KB4541504: Windows Server 2008 March 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4541504\nor cumulative update 4541506. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-0770)\n\n - A tampering vulnerability exists when Microsoft IIS\n Server improperly handles malformed request headers. An\n attacker who successfully exploited the vulnerability\n could cause a vulnerable server to improperly process\n HTTP headers and tamper with the responses returned to\n clients. (CVE-2020-0645)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0779)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0791)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-0847)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2020-0814,\n CVE-2020-0842, CVE-2020-0843)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0832)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting improperly handles memory.\n (CVE-2020-0772)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-0880, CVE-2020-0882)\n\n - An elevation of privilege vulnerability exists when the\n Windows Background Intelligent Transfer Service (BITS)\n improperly handles symbolic links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0787)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0874)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2020-0881,\n CVE-2020-0883)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-0769, CVE-2020-0771)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n succesfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-0853)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-0849)\n\n - An elevation of privilege vulnerability exists when the\n Windows Language Pack Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Language Pack Installer\n handles file operations. (CVE-2020-0822)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0684)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. 
(CVE-2020-0788, CVE-2020-0877,\n CVE-2020-0887)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0781, CVE-2020-0783)\");\n # https://support.microsoft.com/en-us/help/4541506/windows-server-2008-update-kb4541506\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3123a7c3\");\n # https://support.microsoft.com/en-us/help/4541504/windows-server-2008-update-kb4541504\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0805ef06\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4541504 or Cumulative Update KB4541506.\n\nPlease Note: These updates are only available through Microsoft's Extended Support Updates program.\nThis operating system is otherwise unsupported.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0883\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-03\";\nkbs = make_list('4541506', '4541504');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"03_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4541506, 4541504])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, 
value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2020-08-07T08:03:36", "description": "## SMBv3 "Wormable" RCE\n\nWithout a doubt, the hottest Microsoft vulnerability in March 2020 is the "Wormable" Remote Code Execution in SMB v3 CVE-2020-0796. The most commonly used names for this vulnerability are EternalDarkness, SMBGhost and CoronaBlue.\n\nThere was a strange story of how it was disclosed. It seems like Microsoft accidentally mentioned it in their blog. Then they somehow found out that the patch for this vulnerability would not be released in the March Patch Tuesday. So, they removed the reference to this vulnerability from the blog post as quickly as they could.\n\nBut some security experts had already seen it. And, of course, after [EternalBlue and massive cryptolocker attacks](<https://avleonov.com/2017/05/13/wannacry-about-vulnerability-management/>) in 2017, each RCE in SMB means "OMG, this is happening again, we need to do something really fast!" So, Microsoft just had to publish an advisory for this vulnerability with the workaround [ADV200005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005>) and to release an urgent patch [KB4551762](<https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb4551762>).\n\n### So what is it about?\n\n * If we have a vulnerable server, the attacker can send a specially crafted packet to the server and execute arbitrary code. This is the most interesting scenario.\n * If we have a vulnerable client, the attacker can configure a malicious SMBv3 Server and convince the user to connect to this server. So, the attacker will be able to execute arbitrary code on this client host. \n\n### What's the difference between EternalBlue MS17-010 and this case? 
\n\nThis vulnerability can be exploited because of SMBv3 compression that only works in the latest versions of Windows 10 and Windows Server (1903 and 1909). This means a smaller number of potential targets.\n\nIn the case of EternalBlue and MS17-010, there was a real cyber weapon that was made and tested by NSA. For this new vulnerability we currently have only a [DoS exploit](<https://github.com/eerykitty/CVE-2020-0796-PoC?files=1>) and there is a [video of such exploitation in Kryptos Logic twitter](<https://twitter.com/kryptoslogic/status/1238057276738592768>). Will a fully functional RCE exploit appear in the near future? Who knows\u2026 But it definitely won't hurt to fix this vulnerability as soon as possible.\n\n### How to fix this?\n\nInstall [the patch](<https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb4551762>) or switch off SMBv3 compression as described [in the advisory](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005>) (but this is not the recommended way anymore).\n\n### How to detect this?\n\nThere is an [open source scanner](<https://github.com/ollypwn/SMBGhost>) that detects SMB dialect 3.1.1 and compression capability. Commercial solutions already have plugins for detection, for example, Nessus plugins for [remote](<https://www.tenable.com/plugins/nessus/134421>) and [patch-based](<https://www.tenable.com/plugins/nessus/134428>) detection.\n\n## Patch Tuesday for March 2020\n\nOk, now about the vulnerabilities in Patch Tuesday for March 2020. First of all, there are a lot of them! 115 CVEs! This is a new record and it's impossible to discuss each of them individually. So, I will only mention the main groups. First of all, the different RCEs.\n\n### Remote Code Executions\n\nIn each Patch Tuesday there are RCEs in Internet Explorer and Microsoft Edge. And usually the problem is in the Chakra JavaScript engine. This time there are 13 RCE CVEs in ChakraCore. 
They can be potentially exploited if you visit a malicious site. CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0847, CVE-2020-0848 \n\nAnother group of RCEs is related to media files. These are vulnerabilities in: \n\n * Windows Graphics Device Interface (GDI) (CVE-2020-0881, CVE-2020-0883)\n * Windows Media Foundation (CVE-2020-0801, CVE-2020-0807, CVE-2020-0809, CVE-2020-0869)\n\nThey can also be used in a web-based attack, where an attacker convinces a user to visit some malicious website.\n\nThere are also RCEs in Microsoft Word (CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892). One of them (CVE-2020-0852) can be exploited simply by previewing a malicious file in Microsoft Outlook.\n\nBut the most interesting issue is related to .LNK files processing (CVE-2020-0684). When a user opens a malicious share or removable drive, Windows Explorer parses the .LNK file and a malicious binary executes with the rights of the local user.\n\n### Elevation of Privilege\n\nAnd finally, there are many privilege escalation vulnerabilities that use different mechanisms, but all of them could be used to start processes with higher permissions after the initial user login. These vulnerabilities are in: \n\n * Windows Working Folder Service (CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866 and CVE-2020-0897)\n * Win32k (CVE-2020-0788, CVE-2020-0877, CVE-2020-0887)\n\n## February goldies\n\nIn the February Patch Tuesday, [I mentioned the two most interesting vulnerabilities](<https://avleonov.com/2020/02/13/microsoft-patch-tuesday-february-2020/>). Let's see if something has changed with them in a month.\n\n**Microsoft Exchange server seizure** CVE-2020-0688. 
By sending a malicious email message the attacker can run commands on a vulnerable Exchange server as the system user (and monitor email communications). \u201cthe attacker could completely take control of an Exchange server through a single e-mail\u201d. This vulnerability now has several exploits, including one in Metasploit "Exchange Control Panel ViewState Deserialization". And there is news that this Microsoft Exchange Server Flaw Exploited in APT Attacks. You can see all these [updates at Vulners.com](<https://vulners.com/cve/CVE-2020-0688>). \n\nThe second one was **Mysterious Windows RCE** CVE-2020-0662. \u201cTo exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions.\u201d Without needing to directly log in to the affected device! For this vulnerability, nothing has changed in a month.\n\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-22T01:15:34", "type": "avleonov", "title": "Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 \u201cWormable\u201d RCE and updates for February goldies", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0662", "CVE-2020-0684", "CVE-2020-0688", "CVE-2020-0768", "CVE-2020-0777", "CVE-2020-0788", "CVE-2020-0796", "CVE-2020-0797", "CVE-2020-0800", "CVE-2020-0801", "CVE-2020-0807", "CVE-2020-0809", "CVE-2020-0823", "CVE-2020-0825", "CVE-2020-0826", "CVE-2020-0827", "CVE-2020-0828", "CVE-2020-0829", "CVE-2020-0830", "CVE-2020-0831", "CVE-2020-0832", "CVE-2020-0833", "CVE-2020-0847", "CVE-2020-0848", "CVE-2020-0850", "CVE-2020-0851", "CVE-2020-0852", "CVE-2020-0855", "CVE-2020-0864", "CVE-2020-0865", "CVE-2020-0866", "CVE-2020-0869", "CVE-2020-0877", "CVE-2020-0881", "CVE-2020-0883", "CVE-2020-0887", "CVE-2020-0892", "CVE-2020-0897"], "modified": "2020-03-22T01:15:34", "id": "AVLEONOV:4FCA3B316DF1BAA7BC038015245D9813", "href": "http://feedproxy.google.com/~r/avleonov/~3/BTbjjTQwEtQ/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2023-03-17T02:35:19", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n\nIf the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0825"], "modified": "2020-03-10T07:00:00", "id": "MS:CVE-2020-0825", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0825", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:19", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n\nIf the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0828"], "modified": "2020-03-10T07:00:00", "id": "MS:CVE-2020-0828", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0828", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:19", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects 
in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n\nIf the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0823"], "modified": "2020-03-17T07:00:00", "id": "MS:CVE-2020-0823", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0823", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2023-03-17T02:35:19", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0833"], "modified": "2020-03-10T07:00:00", "id": "MS:CVE-2020-0833", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0833", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:19", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0832"], "modified": "2020-03-10T07:00:00", "id": "MS:CVE-2020-0832", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0832", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:19", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n\nIf the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": 
"COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0826"], "modified": "2020-03-10T07:00:00", "id": "MS:CVE-2020-0826", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0826", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:19", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0768"], "modified": "2020-03-10T07:00:00", "id": "MS:CVE-2020-0768", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0768", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:19", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n\nIf the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0829"], "modified": "2020-03-10T07:00:00", "id": "MS:CVE-2020-0829", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0829", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:19", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects 
in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n\nIf the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0827"], "modified": "2020-03-10T07:00:00", "id": "MS:CVE-2020-0827", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0827", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2023-03-17T02:35:19", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n\nIf the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0848"], "modified": "2020-03-10T07:00:00", "id": "MS:CVE-2020-0848", "href": 
"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0848", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:19", "description": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n\nIf the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0831"], "modified": "2020-03-10T07:00:00", "id": "MS:CVE-2020-0831", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0831", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:19", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-10T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0830"], "modified": "2020-03-10T07:00:00", "id": "MS:CVE-2020-0830", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0830", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2020-03-11T13:15:24", "description": "Sound security budget planning and execution are essential for the CIO\u2019s/CISO\u2019s success. Now, for the first time, The Ultimate Security Budget Plan & Track Excel template ([**download here**](<https://go.cynet.com/the-ultimate-security-budget-template/?utm_source=threatpost>)) provides security executives a clear and intuitive tool to keep track of planned vs. 
actual spend, ensuring that security needs are addressed while maintaining the budgetary frame.\n\nThe dynamic nature of the threat landscape and the possibility of the organization being subject to a critical attack make an unexpected investment in additional products, staff, or services a highly likely scenario that should be considered. Integrating this factor within the initial planning is a challenge many CISOs encounter.\n\nThe Ultimate Security Budget Plan & Track template is an Excel spreadsheet that comes pre-packaged with the required formulas to continuously measure, on a monthly basis, the planned and actual security investments, providing immediate visibility into any mismatch between the two. In addition, for each month there is a summary, displaying the percentage of how much of the overall annual budget has been already consumed.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2020/03/10150625/The-Ultimate-Security-Budget-Excel-Template.png>)\n\nThe Ultimate Security Budget Plan & Track Excel divides security spending into three buckets:\n\n * **Products** \u2013 already deployed as well as planned projects for the coming year\n * **Staff** \u2013 ongoing retainment of the security team, investments in their professional development, and security training to the organization\u2019s workforce\n * **Services** \u2013 any type of 3rd party services, from product deployment and management to IR and auditing.\n\nNaturally, there is no one size fits all, and while the template is pre-populated with common products, staff, and services categories with examples, it is meant to be used as a starting point from which each CISO can make modifications and adjustments based on their organization\u2019s unique needs.\n\nIn order to get started, the following steps are required:\n\n 1. Insert the annual cybersecurity budget in the dedicated cell\n 2. 
Go through the three spend sections and add the names of the products, staff and services you use (feel free to modify these sections based on your needs)\n 3. Enter your planned spending for every month\n 4. At the end of every month, enter your actual spending. If it exceeds the planned one, the cell should become red.\n 5. At the end of each month, get clear visibility into your expected annual spend (actual spend so far + planned spend until the end of the year) vs. the annual allocated budget.\n\n[Download The Ultimate Security Budget Plan & Track here](<https://go.cynet.com/the-ultimate-security-budget-template/?utm_source=threatpost>)\n", "cvss3": {}, "published": "2020-03-11T13:00:34", "type": "threatpost", "title": "The Ultimate Security Budget Excel Template", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-0833"], "modified": "2020-03-11T13:00:34", "id": "THREATPOST:4F35D1FB8D4F6424F1ADA90F6ED4DF55", "href": "https://threatpost.com/the-ultimate-security-budget-excel-template-the-easiest-way-to-plan-and-monitor-your-security-spending/153558/?utm_source=rss&utm_medium=rss&utm_campaign=the-ultimate-security-budget-excel-template-the-easiest-way-to-plan-and-monitor-your-security-spending", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-14T22:27:41", "description": "Microsoft tackled 115 bug fixes as part of its March Patch Tuesday update \u2013 26 rated critical and 88 rated medium severity. The bugs patched span its product catalog, from Azure DevOps to Windows 10.\n\nThis month\u2019s haul is notable in its quantity and that there are only a few stand-out bugs causing headaches for system administrators. Unlike [last month](<https://threatpost.com/microsoft-active-attacks-air-gap-99-patches/152807/>), Microsoft did not report that any of its bugs were publicly known or under attack at the time it released its bulletin.\n\nWithin the mix of critical issues, Microsoft tackled three remote code execution vulnerabilities. 
Two are tied to Internet Explorer (CVE-2020-0833, CVE-2020-0824) and the third (CVE-2020-0847) to the VBscript scripting language used by Microsoft.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nAs for the two bugs in IE, researchers warned that either one could lead to code execution only if the victim was logged in with administrative rights.\n\n\u201cThe vulnerabilities could corrupt memory allowing an attacker to execute arbitrary code in the context of the current user,\u201d wrote Jay Goodman, strategic product marketing at Automox, via email. \u201cWhat this means is that an attacker could run malicious code directly on the user\u2019s system. If the user is logged in with administrative rights, those rights would extend to the code.\u201d\n\nAs for the VBscript bug, the researcher said, if an attacker was successful in commandeering the tool via code execution, it would allow an adversary to have sysadmin-like powers. That would allow them to run scripts and leverage software tools to control connected endpoints. \u201c[It] will give the user complete control over many aspects of the device,\u201d Melick said.\n\nAs for the other critical bugs, 17 fixes are tied to Microsoft\u2019s browser and scripting engines, four are for Media Foundation, two are for GDI+ and the remaining three address potentially dangerous LNK files and Microsoft Word and Dynamics Business, points out Animesh Jain with Qualys\u2019 Patch Tuesday team.\n\nJain also singled out another remote code-execution vulnerability (CVE-2020-0852), this time in Microsoft Word. 
\u201cAn attacker could exploit the vulnerability using a specially crafted file to perform actions on behalf of the logged-in user with the same permissions as the current user,\u201d he noted.\n\nTodd Schell, senior product manager for security at Ivanti, pointed out that the Word issue \u201ccould be exploited through the Preview Pane in Outlook, making it a more interesting target for threat actors.\u201d\n\nHe also noted that Microsoft announced a vulnerability in its Remote Desktop Connection Manager (CVE-2020-0765) that the software giant said it won\u2019t fix. \u201cThey do not plan to release an update to fix the issue,\u201d he said in a prepared statement. \u201cThe product has been deprecated. Their guidance is to use caution if you continue to use RDCMan, but recommends moving to supported Remote Desktop clients.\u201d\n\nThis month Microsoft offered its usual perfunctory advice:\n\n\u201cApply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing. Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack,\u201d it wrote. Besides suggesting to users not to visit untrusted sites or click on suspect links, it recommends, \u201capply the principle of least privilege to all systems and services.\u201d\n\n**_Interested in security for the Internet of Things and how 5G will change the threat landscape? Join our free Threatpost webinar, [\u201c5G, the Olympics and Next-Gen Security Challenges,\u201d](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>) as our panel discusses what use cases to expect in 2020 (the Olympics will be a first test), why 5G security risks are different, the role of AI in defense and how enterprises can manage their risk. 
[Register here](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>)._**\n", "cvss3": {}, "published": "2020-03-10T21:19:39", "type": "threatpost", "title": "Microsoft Patches 26 Critical Bugs in Big March Update", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-0765", "CVE-2020-0824", "CVE-2020-0833", "CVE-2020-0847", "CVE-2020-0852", "CVE-2020-5135"], "modified": "2020-03-10T21:19:39", "id": "THREATPOST:58C865E4F2AA34CD62938A2E6BBFDE44", "href": "https://threatpost.com/microsoft-patches-bugs-march-update/153597/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-11T18:04:31", "description": "Microsoft tackled 115 bug fixes as part of its March Patch Tuesday update \u2013 26 rated critical and 88 rated medium severity. The bugs patched span its product catalog, from Azure DevOps to Windows 10.\n\nThis month\u2019s haul is notable in its quantity and that there are only a few stand-out bugs causing headaches for system administrators. Unlike [last month](<https://threatpost.com/microsoft-active-attacks-air-gap-99-patches/152807/>), Microsoft did not report that any of its bugs were publicly known or under attack at the time it released its bulletin.\n\nWithin the mix of critical issues, Microsoft tackled three remote code execution vulnerabilities. Two are tied to Internet Explorer (CVE-2020-0833, CVE-2020-0824) and the third (CVE-2020-0847) to the VBscript scripting language used by Microsoft.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nAs for the two bugs in IE, researchers warned that either one could lead to code execution only if the victim was logged in with administrative rights.\n\n\u201cThe vulnerabilities could corrupt memory allowing an attacker to execute arbitrary code in the context of the current user,\u201d wrote Jay Goodman, strategic product marketing at Automox, via email. 
\u201cWhat this means is that an attacker could run malicious code directly on the user\u2019s system. If the user is logged in with administrative rights, those rights would extend to the code.\u201d\n\nAs for the VBscript bug, the researcher said, if an attacker was successful in commandeering the tool via code execution, it would allow an adversary to have sysadmin-like powers. That would allow them to run scripts and leverage software tools to control connected endpoints. \u201c[It] will give the user complete control over many aspects of the device,\u201d Melick said.\n\nAs for the other critical bugs, 17 fixes are tied to Microsoft\u2019s browser and scripting engines, four are for Media Foundation, two are for GDI+ and the remaining three address potentially dangerous LNK files and Microsoft Word and Dynamics Business, points out Animesh Jain with Qualys\u2019 Patch Tuesday team.\n\nJain also singled out another remote code-execution vulnerability (CVE-2020-0852), this time in Microsoft Word. \u201cAn attacker could exploit the vulnerability using a specially crafted file to perform actions on behalf of the logged-in user with the same permissions as the current user,\u201d he noted.\n\nTodd Schell, senior product manager for security at Ivanti, pointed out that the Word issue \u201ccould be exploited through the Preview Pane in Outlook, making it a more interesting target for threat actors.\u201d\n\nHe also noted that Microsoft announced a vulnerability in its Remote Desktop Connection Manager (CVE-2020-0765) that the software giant said it won\u2019t fix. \u201cThey do not plan to release an update to fix the issue,\u201d he said in a prepared statement. \u201cThe product has been deprecated. 
Their guidance is to use caution if you continue to use RDCMan, but recommends moving to supported Remote Desktop clients.\u201d\n\nThis month Microsoft offered its usual perfunctory advice:\n\n\u201cApply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing. Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack,\u201d it wrote. Besides suggesting to users not to visit untrusted sites or click on suspect links, it recommends, \u201capply the principle of least privilege to all systems and services.\u201d\n\n**_Interested in security for the Internet of Things and how 5G will change the threat landscape? Join our free Threatpost webinar, [\u201c5G, the Olympics and Next-Gen Security Challenges,\u201d](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>) as our panel discusses what use cases to expect in 2020 (the Olympics will be a first test), why 5G security risks are different, the role of AI in defense and how enterprises can manage their risk. [Register here](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>)._**\n", "cvss3": {}, "published": "2020-03-10T21:19:39", "type": "threatpost", "title": "Microsoft Patches 26 Critical Bugs in Big March Update", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2019-19781", "CVE-2020-0765", "CVE-2020-0824", "CVE-2020-0833", "CVE-2020-0847", "CVE-2020-0852"], "modified": "2020-03-10T21:19:39", "id": "THREATPOST:2D47D18D36043D4DFBFAD7C64345410E", "href": "https://threatpost.com/microsoft-patches-bugs-march-update/153597/?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-patches-bugs-march-update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:40:17", "description": "A memory corruption vulnerability exists in Microsoft Internet Explorer. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2020-0833)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0833"], "modified": "2020-03-10T00:00:00", "id": "CPAI-2020-0096", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-16T19:40:20", "description": "A memory corruption vulnerability exists in Microsoft Internet Explorer. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2020-0832)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0832"], "modified": "2020-03-10T00:00:00", "id": "CPAI-2020-0093", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-07-21T19:50:56", "description": "This host is missing a critical security\n update according to Microsoft KB4538461", "cvss3": {}, "published": "2020-03-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4538461)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0769", "CVE-2020-0816", "CVE-2020-0828", "CVE-2020-0803", "CVE-2020-0779", "CVE-2020-0881", "CVE-2020-0865", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0778", "CVE-2020-0861", "CVE-2020-0783", "CVE-2020-0802", "CVE-2020-0826", "CVE-2020-0885", 
"CVE-2020-0775", "CVE-2020-0868", "CVE-2020-0768", "CVE-2020-0853", "CVE-2020-0822", "CVE-2020-0800", "CVE-2020-0785", "CVE-2020-0823", "CVE-2020-0830", "CVE-2020-0877", "CVE-2020-0690", "CVE-2020-0887", "CVE-2020-0832", "CVE-2020-0762", "CVE-2020-0801", "CVE-2020-0809", "CVE-2020-0811", "CVE-2020-0829", "CVE-2020-0824", "CVE-2020-0843", "CVE-2020-0791", "CVE-2020-0844", "CVE-2020-0763", "CVE-2020-0882", "CVE-2020-0840", "CVE-2020-0849", "CVE-2020-0896", "CVE-2020-0645", "CVE-2020-0820", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0684", "CVE-2020-0879", "CVE-2020-0813", "CVE-2020-0788", "CVE-2020-0787", "CVE-2020-0798", "CVE-2020-0860", "CVE-2020-0854", "CVE-2020-0845", "CVE-2020-0864", "CVE-2020-0848", "CVE-2020-0883", "CVE-2020-0842", "CVE-2020-0804", "CVE-2020-0847", "CVE-2020-0772", "CVE-2020-0897", "CVE-2020-0814", "CVE-2020-0866", "CVE-2020-0869", "CVE-2020-0807", "CVE-2020-0770", "CVE-2020-0777", "CVE-2020-0793", "CVE-2020-0867", "CVE-2020-0841", "CVE-2020-0799", "CVE-2020-0776", "CVE-2020-0859", "CVE-2020-0771", "CVE-2020-0827", "CVE-2020-0831", "CVE-2020-0834", "CVE-2020-0825", "CVE-2020-0812", "CVE-2020-0806", "CVE-2020-0780", "CVE-2020-0810", "CVE-2020-0833", "CVE-2020-0797", "CVE-2020-0819", "CVE-2020-0871", "CVE-2020-0880", "CVE-2020-0781", "CVE-2020-0808"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815789", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815789", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815789\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0645\", \"CVE-2020-0684\", \"CVE-2020-0690\", \"CVE-2020-0762\",\n \"CVE-2020-0763\", \"CVE-2020-0768\", \"CVE-2020-0769\", \"CVE-2020-0770\",\n \"CVE-2020-0771\", \"CVE-2020-0772\", \"CVE-2020-0773\", \"CVE-2020-0774\",\n \"CVE-2020-0775\", \"CVE-2020-0776\", \"CVE-2020-0777\", \"CVE-2020-0778\",\n \"CVE-2020-0779\", \"CVE-2020-0780\", \"CVE-2020-0781\", \"CVE-2020-0783\",\n \"CVE-2020-0785\", \"CVE-2020-0787\", \"CVE-2020-0788\", \"CVE-2020-0791\",\n \"CVE-2020-0793\", \"CVE-2020-0797\", \"CVE-2020-0798\", \"CVE-2020-0799\",\n \"CVE-2020-0800\", \"CVE-2020-0801\", \"CVE-2020-0802\", \"CVE-2020-0803\",\n \"CVE-2020-0804\", \"CVE-2020-0806\", \"CVE-2020-0807\", \"CVE-2020-0808\",\n \"CVE-2020-0809\", \"CVE-2020-0810\", \"CVE-2020-0811\", \"CVE-2020-0812\",\n \"CVE-2020-0813\", \"CVE-2020-0814\", \"CVE-2020-0816\", \"CVE-2020-0819\",\n \"CVE-2020-0820\", \"CVE-2020-0822\", \"CVE-2020-0823\", \"CVE-2020-0824\",\n \"CVE-2020-0825\", \"CVE-2020-0826\", \"CVE-2020-0827\", \"CVE-2020-0828\",\n \"CVE-2020-0829\", \"CVE-2020-0830\", \"CVE-2020-0831\", \"CVE-2020-0832\",\n \"CVE-2020-0833\", \"CVE-2020-0834\", \"CVE-2020-0840\", \"CVE-2020-0841\",\n \"CVE-2020-0842\", \"CVE-2020-0843\", \"CVE-2020-0844\", \"CVE-2020-0845\",\n \"CVE-2020-0847\", \"CVE-2020-0848\", \"CVE-2020-0849\", \"CVE-2020-0853\",\n \"CVE-2020-0854\", \"CVE-2020-0857\", \"CVE-2020-0858\", \"CVE-2020-0859\",\n \"CVE-2020-0860\", \"CVE-2020-0861\", \"CVE-2020-0864\", 
\"CVE-2020-0865\",\n \"CVE-2020-0866\", \"CVE-2020-0867\", \"CVE-2020-0868\", \"CVE-2020-0869\",\n \"CVE-2020-0871\", \"CVE-2020-0877\", \"CVE-2020-0879\", \"CVE-2020-0880\",\n \"CVE-2020-0881\", \"CVE-2020-0882\", \"CVE-2020-0883\", \"CVE-2020-0885\",\n \"CVE-2020-0887\", \"CVE-2020-0896\", \"CVE-2020-0897\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-11 09:28:39 +0530 (Wed, 11 Mar 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4538461)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4538461\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - DirectX improperly handles objects in memory.\n\n - Windows Error Reporting improperly handles memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Error Reporting improperly handles file operations.\n\n - Windows Graphics Component improperly handles objects in memory.\n\n - Diagnostics Hub Standard Collector Service improperly handles file operations.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to execute arbitrary code, elevate privilges, disclose sensitive\n information, and conduct tampering attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4538461\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.17763.0\", test_version2:\"10.0.17763.1097\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.17763.0 - 10.0.17763.1097\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:34", "description": "This host is missing a critical security\n update according to Microsoft KB4540681", "cvss3": {}, "published": "2020-03-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4540681)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0769", "CVE-2020-0816", "CVE-2020-0828", "CVE-2020-0803", "CVE-2020-0779", "CVE-2020-0881", "CVE-2020-0865", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0778", "CVE-2020-0861", "CVE-2020-0783", "CVE-2020-0802", "CVE-2020-0826", "CVE-2020-0885", "CVE-2020-0775", "CVE-2020-0868", "CVE-2020-0768", "CVE-2020-0853", "CVE-2020-0822", 
"CVE-2020-0800", "CVE-2020-0785", "CVE-2020-0823", "CVE-2020-0830", "CVE-2020-0877", "CVE-2020-0690", "CVE-2020-0887", "CVE-2020-0832", "CVE-2020-0762", "CVE-2020-0801", "CVE-2020-0809", "CVE-2020-0811", "CVE-2020-0829", "CVE-2020-0824", "CVE-2020-0843", "CVE-2020-0791", "CVE-2020-0844", "CVE-2020-0882", "CVE-2020-0840", "CVE-2020-0849", "CVE-2020-0896", "CVE-2020-0645", "CVE-2020-0820", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0684", "CVE-2020-0813", "CVE-2020-0788", "CVE-2020-0787", "CVE-2020-0798", "CVE-2020-0860", "CVE-2020-0845", "CVE-2020-0864", "CVE-2020-0848", "CVE-2020-0883", "CVE-2020-0842", "CVE-2020-0804", "CVE-2020-0847", "CVE-2020-0772", "CVE-2020-0897", "CVE-2020-0814", "CVE-2020-0866", "CVE-2020-0869", "CVE-2020-0770", "CVE-2020-0777", "CVE-2020-0793", "CVE-2020-0867", "CVE-2020-0841", "CVE-2020-0799", "CVE-2020-0776", "CVE-2020-0859", "CVE-2020-0771", "CVE-2020-0827", "CVE-2020-0831", "CVE-2020-0834", "CVE-2020-0806", "CVE-2020-0780", "CVE-2020-0810", "CVE-2020-0833", "CVE-2020-0797", "CVE-2020-0819", "CVE-2020-0871", "CVE-2020-0880", "CVE-2020-0781", "CVE-2020-0808"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815790", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815790", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815790\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0645\", \"CVE-2020-0684\", \"CVE-2020-0690\", \"CVE-2020-0762\",\n \"CVE-2020-0768\", \"CVE-2020-0769\", \"CVE-2020-0770\", \"CVE-2020-0771\",\n \"CVE-2020-0772\", \"CVE-2020-0773\", \"CVE-2020-0774\", \"CVE-2020-0775\",\n \"CVE-2020-0776\", \"CVE-2020-0777\", \"CVE-2020-0778\", \"CVE-2020-0779\",\n \"CVE-2020-0780\", \"CVE-2020-0781\", \"CVE-2020-0783\", \"CVE-2020-0785\",\n \"CVE-2020-0787\", \"CVE-2020-0788\", \"CVE-2020-0791\", \"CVE-2020-0793\",\n \"CVE-2020-0797\", \"CVE-2020-0798\", \"CVE-2020-0799\", \"CVE-2020-0800\",\n \"CVE-2020-0801\", \"CVE-2020-0802\", \"CVE-2020-0803\", \"CVE-2020-0804\",\n \"CVE-2020-0806\", \"CVE-2020-0808\", \"CVE-2020-0809\", \"CVE-2020-0810\",\n \"CVE-2020-0811\", \"CVE-2020-0813\", \"CVE-2020-0814\", \"CVE-2020-0816\",\n \"CVE-2020-0819\", \"CVE-2020-0820\", \"CVE-2020-0822\", \"CVE-2020-0823\",\n \"CVE-2020-0824\", \"CVE-2020-0826\", \"CVE-2020-0827\", \"CVE-2020-0828\",\n \"CVE-2020-0829\", \"CVE-2020-0830\", \"CVE-2020-0831\", \"CVE-2020-0832\",\n \"CVE-2020-0833\", \"CVE-2020-0834\", \"CVE-2020-0840\", \"CVE-2020-0841\",\n \"CVE-2020-0842\", \"CVE-2020-0843\", \"CVE-2020-0844\", \"CVE-2020-0845\",\n \"CVE-2020-0847\", \"CVE-2020-0848\", \"CVE-2020-0849\", \"CVE-2020-0853\",\n \"CVE-2020-0857\", \"CVE-2020-0858\", \"CVE-2020-0859\", \"CVE-2020-0860\",\n \"CVE-2020-0861\", \"CVE-2020-0864\", \"CVE-2020-0865\", \"CVE-2020-0866\",\n \"CVE-2020-0867\", \"CVE-2020-0868\", \"CVE-2020-0869\", \"CVE-2020-0871\",\n \"CVE-2020-0877\", \"CVE-2020-0880\", \"CVE-2020-0881\", \"CVE-2020-0882\",\n \"CVE-2020-0883\", \"CVE-2020-0885\", 
\"CVE-2020-0887\", \"CVE-2020-0896\",\n \"CVE-2020-0897\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-11 09:44:00 +0530 (Wed, 11 Mar 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4540681)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4540681\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - DirectX improperly handles objects in memory.\n\n - Windows Error Reporting improperly handles memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Error Reporting improperly handles file operations.\n\n - Windows Graphics Component improperly handles objects in memory.\n\n - Windows Media Foundation improperly handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information,\n and conduct tampering attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4540681\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.16299.0\", test_version2:\"10.0.16299.1746\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.16299.0 - 10.0.16299.1746\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:37", "description": "This host is missing a critical security\n update according to Microsoft KB4540689", "cvss3": {}, "published": "2020-03-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4540689)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0769", "CVE-2020-0816", "CVE-2020-0828", "CVE-2020-0803", "CVE-2020-0779", "CVE-2020-0881", "CVE-2020-0865", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0778", "CVE-2020-0861", "CVE-2020-0783", "CVE-2020-0802", "CVE-2020-0826", "CVE-2020-0885", "CVE-2020-0775", "CVE-2020-0868", "CVE-2020-0768", "CVE-2020-0853", "CVE-2020-0822", "CVE-2020-0800", 
"CVE-2020-0785", "CVE-2020-0823", "CVE-2020-0830", "CVE-2020-0877", "CVE-2020-0690", "CVE-2020-0887", "CVE-2020-0832", "CVE-2020-0762", "CVE-2020-0801", "CVE-2020-0809", "CVE-2020-0811", "CVE-2020-0829", "CVE-2020-0824", "CVE-2020-0843", "CVE-2020-0791", "CVE-2020-0844", "CVE-2020-0763", "CVE-2020-0882", "CVE-2020-0840", "CVE-2020-0849", "CVE-2020-0896", "CVE-2020-0645", "CVE-2020-0820", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0684", "CVE-2020-0813", "CVE-2020-0788", "CVE-2020-0787", "CVE-2020-0798", "CVE-2020-0860", "CVE-2020-0845", "CVE-2020-0864", "CVE-2020-0848", "CVE-2020-0883", "CVE-2020-0842", "CVE-2020-0804", "CVE-2020-0847", "CVE-2020-0772", "CVE-2020-0897", "CVE-2020-0814", "CVE-2020-0866", "CVE-2020-0869", "CVE-2020-0807", "CVE-2020-0770", "CVE-2020-0777", "CVE-2020-0793", "CVE-2020-0867", "CVE-2020-0841", "CVE-2020-0799", "CVE-2020-0776", "CVE-2020-0859", "CVE-2020-0771", "CVE-2020-0827", "CVE-2020-0831", "CVE-2020-0834", "CVE-2020-0806", "CVE-2020-0780", "CVE-2020-0810", "CVE-2020-0833", "CVE-2020-0797", "CVE-2020-0819", "CVE-2020-0871", "CVE-2020-0880", "CVE-2020-0781", "CVE-2020-0808"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815791", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815791", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815791\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0645\", \"CVE-2020-0684\", \"CVE-2020-0690\", \"CVE-2020-0762\",\n \"CVE-2020-0763\", \"CVE-2020-0768\", \"CVE-2020-0769\", \"CVE-2020-0770\",\n \"CVE-2020-0771\", \"CVE-2020-0772\", \"CVE-2020-0773\", \"CVE-2020-0774\",\n \"CVE-2020-0775\", \"CVE-2020-0776\", \"CVE-2020-0777\", \"CVE-2020-0778\",\n \"CVE-2020-0779\", \"CVE-2020-0780\", \"CVE-2020-0781\", \"CVE-2020-0783\",\n \"CVE-2020-0785\", \"CVE-2020-0787\", \"CVE-2020-0788\", \"CVE-2020-0791\",\n \"CVE-2020-0793\", \"CVE-2020-0797\", \"CVE-2020-0798\", \"CVE-2020-0799\",\n \"CVE-2020-0800\", \"CVE-2020-0801\", \"CVE-2020-0802\", \"CVE-2020-0803\",\n \"CVE-2020-0804\", \"CVE-2020-0806\", \"CVE-2020-0807\", \"CVE-2020-0808\",\n \"CVE-2020-0809\", \"CVE-2020-0810\", \"CVE-2020-0811\", \"CVE-2020-0813\",\n \"CVE-2020-0814\", \"CVE-2020-0816\", \"CVE-2020-0819\", \"CVE-2020-0820\",\n \"CVE-2020-0822\", \"CVE-2020-0823\", \"CVE-2020-0824\", \"CVE-2020-0826\",\n \"CVE-2020-0827\", \"CVE-2020-0828\", \"CVE-2020-0829\", \"CVE-2020-0830\",\n \"CVE-2020-0831\", \"CVE-2020-0832\", \"CVE-2020-0833\", \"CVE-2020-0834\",\n \"CVE-2020-0840\", \"CVE-2020-0841\", \"CVE-2020-0842\", \"CVE-2020-0843\",\n \"CVE-2020-0844\", \"CVE-2020-0845\", \"CVE-2020-0847\", \"CVE-2020-0848\",\n \"CVE-2020-0849\", \"CVE-2020-0853\", \"CVE-2020-0857\", \"CVE-2020-0858\",\n \"CVE-2020-0859\", \"CVE-2020-0860\", \"CVE-2020-0861\", \"CVE-2020-0864\",\n \"CVE-2020-0865\", \"CVE-2020-0866\", \"CVE-2020-0867\", \"CVE-2020-0868\",\n \"CVE-2020-0869\", \"CVE-2020-0871\", \"CVE-2020-0877\", \"CVE-2020-0880\",\n \"CVE-2020-0881\", \"CVE-2020-0882\", 
\"CVE-2020-0883\", \"CVE-2020-0885\",\n \"CVE-2020-0887\", \"CVE-2020-0896\", \"CVE-2020-0897\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-11 10:04:45 +0530 (Wed, 11 Mar 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4540689)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4540689\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - DirectX improperly handles objects in memory.\n\n - Windows Error Reporting improperly handles memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Error Reporting improperly handles file operations.\n\n - Windows Graphics Component improperly handles objects in memory.\n\n - Windows Network Connections Service improperly handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information,\n and conduct tampering attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please\n see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4540689\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.17134.0\", test_version2:\"10.0.17134.1364\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.17134.0 - 10.0.17134.1364\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:35", "description": "This host is missing a critical security\n update according to Microsoft KB4540670", "cvss3": {}, "published": "2020-03-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4540670)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0769", "CVE-2020-0816", "CVE-2020-0828", "CVE-2020-0803", "CVE-2020-0779", "CVE-2020-0881", "CVE-2020-0874", "CVE-2020-0865", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0778", "CVE-2020-0861", "CVE-2020-0783", "CVE-2020-0802", "CVE-2020-0826", "CVE-2020-0885", "CVE-2020-0775", "CVE-2020-0868", "CVE-2020-0768", "CVE-2020-0853", "CVE-2020-0822", 
"CVE-2020-0800", "CVE-2020-0785", "CVE-2020-0823", "CVE-2020-0830", "CVE-2020-0877", "CVE-2020-0690", "CVE-2020-0887", "CVE-2020-0832", "CVE-2020-0801", "CVE-2020-0809", "CVE-2020-0829", "CVE-2020-0824", "CVE-2020-0843", "CVE-2020-0791", "CVE-2020-0844", "CVE-2020-0786", "CVE-2020-0882", "CVE-2020-0840", "CVE-2020-0849", "CVE-2020-0896", "CVE-2020-0645", "CVE-2020-0820", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0684", "CVE-2020-0879", "CVE-2020-0788", "CVE-2020-0898", "CVE-2020-0787", "CVE-2020-0798", "CVE-2020-0860", "CVE-2020-0845", "CVE-2020-0864", "CVE-2020-0848", "CVE-2020-0883", "CVE-2020-0842", "CVE-2020-0804", "CVE-2020-0847", "CVE-2020-0772", "CVE-2020-0897", "CVE-2020-0814", "CVE-2020-0866", "CVE-2020-0869", "CVE-2020-0770", "CVE-2020-0777", "CVE-2020-0793", "CVE-2020-0867", "CVE-2020-0841", "CVE-2020-0799", "CVE-2020-0776", "CVE-2020-0859", "CVE-2020-0771", "CVE-2020-0827", "CVE-2020-0831", "CVE-2020-0834", "CVE-2020-0806", "CVE-2020-0780", "CVE-2020-0810", "CVE-2020-0833", "CVE-2020-0797", "CVE-2020-0819", "CVE-2020-0871", "CVE-2020-0880", "CVE-2020-0781"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815788", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815788\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0645\", \"CVE-2020-0684\", \"CVE-2020-0690\", \"CVE-2020-0768\",\n \"CVE-2020-0769\", \"CVE-2020-0770\", \"CVE-2020-0771\", \"CVE-2020-0772\",\n \"CVE-2020-0773\", \"CVE-2020-0774\", \"CVE-2020-0775\", \"CVE-2020-0776\",\n \"CVE-2020-0777\", \"CVE-2020-0778\", \"CVE-2020-0779\", \"CVE-2020-0780\",\n \"CVE-2020-0781\", \"CVE-2020-0783\", \"CVE-2020-0785\", \"CVE-2020-0786\",\n \"CVE-2020-0787\", \"CVE-2020-0788\", \"CVE-2020-0791\", \"CVE-2020-0793\",\n \"CVE-2020-0797\", \"CVE-2020-0798\", \"CVE-2020-0799\", \"CVE-2020-0800\",\n \"CVE-2020-0801\", \"CVE-2020-0802\", \"CVE-2020-0803\", \"CVE-2020-0804\",\n \"CVE-2020-0806\", \"CVE-2020-0809\", \"CVE-2020-0810\", \"CVE-2020-0814\",\n \"CVE-2020-0816\", \"CVE-2020-0819\", \"CVE-2020-0820\", \"CVE-2020-0822\",\n \"CVE-2020-0823\", \"CVE-2020-0824\", \"CVE-2020-0826\", \"CVE-2020-0827\",\n \"CVE-2020-0828\", \"CVE-2020-0829\", \"CVE-2020-0830\", \"CVE-2020-0831\",\n \"CVE-2020-0832\", \"CVE-2020-0833\", \"CVE-2020-0834\", \"CVE-2020-0840\",\n \"CVE-2020-0841\", \"CVE-2020-0842\", \"CVE-2020-0843\", \"CVE-2020-0844\",\n \"CVE-2020-0845\", \"CVE-2020-0847\", \"CVE-2020-0848\", \"CVE-2020-0849\",\n \"CVE-2020-0853\", \"CVE-2020-0857\", \"CVE-2020-0858\", \"CVE-2020-0859\",\n \"CVE-2020-0860\", \"CVE-2020-0861\", \"CVE-2020-0864\", \"CVE-2020-0865\",\n \"CVE-2020-0866\", \"CVE-2020-0867\", \"CVE-2020-0868\", \"CVE-2020-0869\",\n \"CVE-2020-0871\", \"CVE-2020-0874\", \"CVE-2020-0877\", \"CVE-2020-0879\",\n \"CVE-2020-0880\", \"CVE-2020-0881\", \"CVE-2020-0882\", \"CVE-2020-0883\",\n \"CVE-2020-0885\", \"CVE-2020-0887\", 
\"CVE-2020-0896\", \"CVE-2020-0897\",\n \"CVE-2020-0898\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-11 09:05:00 +0530 (Wed, 11 Mar 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4540670)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4540670\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - DirectX improperly handles objects in memory.\n\n - Windows Error Reporting improperly handles memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Error Reporting improperly handles file operations.\n\n - Windows Graphics Component improperly handles objects in memory.\n\n - Diagnostics Hub Standard Collector Service improperly handles file operations.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to execute arbitrary code, elevate privileges, disclose sensitive\n information, conduct denial of service and tampering attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4540670\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.14393.0\", test_version2:\"10.0.14393.3563\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.14393.0 - 10.0.14393.3563\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:33", "description": "This host is missing a critical security\n update according to Microsoft KB4540673", "cvss3": {}, "published": "2020-03-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4540673)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0769", "CVE-2020-0816", "CVE-2020-0828", "CVE-2020-0803", "CVE-2020-0779", "CVE-2020-0881", "CVE-2019-1226", "CVE-2020-0874", "CVE-2020-0865", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0876", "CVE-2020-0778", "CVE-2020-0861", "CVE-2020-0783", "CVE-2020-0802", "CVE-2020-0826", "CVE-2020-0885", "CVE-2020-0775", "CVE-2020-0868", 
"CVE-2020-0768", "CVE-2020-0853", "CVE-2020-0822", "CVE-2020-0800", "CVE-2020-0785", "CVE-2020-0823", "CVE-2020-0830", "CVE-2020-0877", "CVE-2020-0690", "CVE-2020-0887", "CVE-2020-0863", "CVE-2020-0832", "CVE-2020-0762", "CVE-2020-0801", "CVE-2020-0809", "CVE-2020-0811", "CVE-2020-0829", "CVE-2020-0824", "CVE-2020-0843", "CVE-2020-0791", "CVE-2020-0844", "CVE-2019-1225", "CVE-2020-0763", "CVE-2020-0882", "CVE-2020-0840", "CVE-2020-0849", "CVE-2020-0896", "CVE-2020-0645", "CVE-2020-0820", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0684", "CVE-2020-0879", "CVE-2020-0813", "CVE-2020-0788", "CVE-2020-0787", "CVE-2020-0798", "CVE-2020-0860", "CVE-2020-0854", "CVE-2020-0845", "CVE-2020-0864", "CVE-2020-0848", "CVE-2020-0883", "CVE-2020-0842", "CVE-2020-0804", "CVE-2020-0847", "CVE-2020-0772", "CVE-2020-0897", "CVE-2020-0814", "CVE-2020-0866", "CVE-2020-0869", "CVE-2020-0807", "CVE-2020-0770", "CVE-2020-0777", "CVE-2020-0793", "CVE-2020-0867", "CVE-2020-0841", "CVE-2020-0799", "CVE-2020-0776", "CVE-2020-0859", "CVE-2019-1224", "CVE-2020-0771", "CVE-2020-0827", "CVE-2020-0831", "CVE-2020-0834", "CVE-2020-0825", "CVE-2020-0812", "CVE-2020-0806", "CVE-2020-0780", "CVE-2020-0810", "CVE-2020-0833", "CVE-2020-0797", "CVE-2020-0819", "CVE-2020-0871", "CVE-2020-0880", "CVE-2020-0781", "CVE-2020-0808"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815793", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815793", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815793\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-1224\", \"CVE-2019-1225\", \"CVE-2019-1226\", \"CVE-2020-0645\",\n \"CVE-2020-0684\", \"CVE-2020-0690\", \"CVE-2020-0762\", \"CVE-2020-0763\",\n \"CVE-2020-0768\", \"CVE-2020-0769\", \"CVE-2020-0770\", \"CVE-2020-0771\",\n \"CVE-2020-0772\", \"CVE-2020-0773\", \"CVE-2020-0774\", \"CVE-2020-0775\",\n \"CVE-2020-0776\", \"CVE-2020-0777\", \"CVE-2020-0778\", \"CVE-2020-0779\",\n \"CVE-2020-0780\", \"CVE-2020-0781\", \"CVE-2020-0783\", \"CVE-2020-0785\",\n \"CVE-2020-0787\", \"CVE-2020-0788\", \"CVE-2020-0791\", \"CVE-2020-0793\",\n \"CVE-2020-0797\", \"CVE-2020-0798\", \"CVE-2020-0799\", \"CVE-2020-0800\",\n \"CVE-2020-0801\", \"CVE-2020-0802\", \"CVE-2020-0803\", \"CVE-2020-0804\",\n \"CVE-2020-0806\", \"CVE-2020-0807\", \"CVE-2020-0808\", \"CVE-2020-0809\",\n \"CVE-2020-0810\", \"CVE-2020-0811\", \"CVE-2020-0812\", \"CVE-2020-0813\",\n \"CVE-2020-0814\", \"CVE-2020-0816\", \"CVE-2020-0819\", \"CVE-2020-0820\",\n \"CVE-2020-0822\", \"CVE-2020-0823\", \"CVE-2020-0824\", \"CVE-2020-0825\",\n \"CVE-2020-0826\", \"CVE-2020-0827\", \"CVE-2020-0828\", \"CVE-2020-0829\",\n \"CVE-2020-0830\", \"CVE-2020-0831\", \"CVE-2020-0832\", \"CVE-2020-0833\",\n \"CVE-2020-0834\", \"CVE-2020-0840\", \"CVE-2020-0841\", \"CVE-2020-0842\",\n \"CVE-2020-0843\", \"CVE-2020-0844\", \"CVE-2020-0845\", \"CVE-2020-0847\",\n \"CVE-2020-0848\", \"CVE-2020-0849\", \"CVE-2020-0853\", \"CVE-2020-0854\",\n \"CVE-2020-0857\", \"CVE-2020-0858\", 
\"CVE-2020-0859\", \"CVE-2020-0860\",\n \"CVE-2020-0861\", \"CVE-2020-0863\", \"CVE-2020-0864\", \"CVE-2020-0865\",\n \"CVE-2020-0866\", \"CVE-2020-0867\", \"CVE-2020-0868\", \"CVE-2020-0869\",\n \"CVE-2020-0871\", \"CVE-2020-0874\", \"CVE-2020-0876\", \"CVE-2020-0877\",\n \"CVE-2020-0879\", \"CVE-2020-0880\", \"CVE-2020-0881\", \"CVE-2020-0882\",\n \"CVE-2020-0883\", \"CVE-2020-0885\", \"CVE-2020-0887\", \"CVE-2020-0896\",\n \"CVE-2020-0897\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-11 10:34:07 +0530 (Wed, 11 Mar 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4540673)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4540673\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist when,\n\n - DirectX improperly handles objects in memory.\n\n - Windows Error Reporting improperly handles memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Diagnostics Hub Standard Collector Service improperly handles file operations.\n\n - Windows Network Connections Service improperly handles objects in memory.\n\n - Windows Media Foundation improperly handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to execute arbitrary code, elevate privileges, disclose sensitive\n information, and conduct tampering attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1903 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1903 for 
x64-based Systems\n\n - Microsoft Windows 10 Version 1909 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1909 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4540673\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.18362.0\", test_version2:\"10.0.18362.718\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.18362.0 - 10.0.18362.718\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:34", "description": "This host is missing a critical security\n update according to Microsoft KB4540693", "cvss3": {}, "published": "2020-03-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4540693)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0769", "CVE-2020-0828", "CVE-2020-0803", "CVE-2020-0779", "CVE-2020-0881", "CVE-2020-0874", "CVE-2020-0865", "CVE-2020-0857", 
"CVE-2020-0858", "CVE-2020-0778", "CVE-2020-0861", "CVE-2020-0783", "CVE-2020-0802", "CVE-2020-0826", "CVE-2020-0885", "CVE-2020-0775", "CVE-2020-0868", "CVE-2020-0768", "CVE-2020-0853", "CVE-2020-0822", "CVE-2020-0800", "CVE-2020-0785", "CVE-2020-0823", "CVE-2020-0830", "CVE-2020-0877", "CVE-2020-0690", "CVE-2020-0887", "CVE-2020-0832", "CVE-2020-0801", "CVE-2020-0809", "CVE-2020-0829", "CVE-2020-0824", "CVE-2020-0843", "CVE-2020-0791", "CVE-2020-0844", "CVE-2020-0786", "CVE-2020-0882", "CVE-2020-0840", "CVE-2020-0849", "CVE-2020-0896", "CVE-2020-0645", "CVE-2020-0820", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0684", "CVE-2020-0879", "CVE-2020-0788", "CVE-2020-0787", "CVE-2020-0860", "CVE-2020-0845", "CVE-2020-0864", "CVE-2020-0883", "CVE-2020-0842", "CVE-2020-0804", "CVE-2020-0847", "CVE-2020-0772", "CVE-2020-0897", "CVE-2020-0814", "CVE-2020-0866", "CVE-2020-0869", "CVE-2020-0770", "CVE-2020-0777", "CVE-2020-0793", "CVE-2020-0867", "CVE-2020-0841", "CVE-2020-0799", "CVE-2020-0859", "CVE-2020-0771", "CVE-2020-0827", "CVE-2020-0831", "CVE-2020-0834", "CVE-2020-0806", "CVE-2020-0780", "CVE-2020-0810", "CVE-2020-0833", "CVE-2020-0797", "CVE-2020-0819", "CVE-2020-0871", "CVE-2020-0880", "CVE-2020-0781"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815792", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815792", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815792\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0645\", \"CVE-2020-0684\", \"CVE-2020-0690\", \"CVE-2020-0768\",\n \"CVE-2020-0769\", \"CVE-2020-0770\", \"CVE-2020-0771\", \"CVE-2020-0772\",\n \"CVE-2020-0773\", \"CVE-2020-0774\", \"CVE-2020-0775\", \"CVE-2020-0777\",\n \"CVE-2020-0778\", \"CVE-2020-0779\", \"CVE-2020-0780\", \"CVE-2020-0781\",\n \"CVE-2020-0783\", \"CVE-2020-0785\", \"CVE-2020-0786\", \"CVE-2020-0787\",\n \"CVE-2020-0788\", \"CVE-2020-0791\", \"CVE-2020-0793\", \"CVE-2020-0797\",\n \"CVE-2020-0799\", \"CVE-2020-0800\", \"CVE-2020-0801\", \"CVE-2020-0802\",\n \"CVE-2020-0803\", \"CVE-2020-0804\", \"CVE-2020-0806\", \"CVE-2020-0809\",\n \"CVE-2020-0810\", \"CVE-2020-0814\", \"CVE-2020-0819\", \"CVE-2020-0820\",\n \"CVE-2020-0822\", \"CVE-2020-0823\", \"CVE-2020-0824\", \"CVE-2020-0826\",\n \"CVE-2020-0827\", \"CVE-2020-0828\", \"CVE-2020-0829\", \"CVE-2020-0830\",\n \"CVE-2020-0831\", \"CVE-2020-0832\", \"CVE-2020-0833\", \"CVE-2020-0834\",\n \"CVE-2020-0840\", \"CVE-2020-0841\", \"CVE-2020-0842\", \"CVE-2020-0843\",\n \"CVE-2020-0844\", \"CVE-2020-0845\", \"CVE-2020-0847\", \"CVE-2020-0849\",\n \"CVE-2020-0853\", \"CVE-2020-0857\", \"CVE-2020-0858\", \"CVE-2020-0859\",\n \"CVE-2020-0860\", \"CVE-2020-0861\", \"CVE-2020-0864\", \"CVE-2020-0865\",\n \"CVE-2020-0866\", \"CVE-2020-0867\", \"CVE-2020-0868\", \"CVE-2020-0869\",\n \"CVE-2020-0871\", \"CVE-2020-0874\", \"CVE-2020-0877\", \"CVE-2020-0879\",\n \"CVE-2020-0880\", \"CVE-2020-0881\", \"CVE-2020-0882\", \"CVE-2020-0883\",\n \"CVE-2020-0885\", \"CVE-2020-0887\", \"CVE-2020-0896\", 
\"CVE-2020-0897\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-11 10:19:43 +0530 (Wed, 11 Mar 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4540693)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4540693\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist when,\n\n - DirectX improperly handles objects in memory.\n\n - Windows Error Reporting improperly handles memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Error Reporting improperly handles file operations.\n\n - Windows Graphics Component improperly handles objects in memory.\n\n - Windows Network Connections Service improperly handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to execute arbitrary code, elevate privileges, disclose sensitive\n information, conduct denial of service and tampering attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4540693\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.10240.0\", test_version2:\"10.0.10240.18518\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.10240.0 - 10.0.10240.18518\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T15:41:55", "description": "This host is missing a critical security\n update according to Microsoft KB4540688", "cvss3": {}, "published": "2020-03-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4540688)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0769", "CVE-2020-0803", "CVE-2020-0779", "CVE-2020-0881", "CVE-2020-0874", "CVE-2020-0778", "CVE-2020-0783", "CVE-2020-0802", "CVE-2020-0885", "CVE-2020-0768", "CVE-2020-0853", "CVE-2020-0822", "CVE-2020-0785", "CVE-2020-0830", "CVE-2020-0877", "CVE-2020-0887", "CVE-2020-0832", "CVE-2020-0824", "CVE-2020-0843", "CVE-2020-0791", "CVE-2020-0844", 
"CVE-2020-0882", "CVE-2020-0849", "CVE-2020-0645", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0684", "CVE-2020-0879", "CVE-2020-0788", "CVE-2020-0787", "CVE-2020-0860", "CVE-2020-0845", "CVE-2020-0883", "CVE-2020-0842", "CVE-2020-0804", "CVE-2020-0847", "CVE-2020-0772", "CVE-2020-0814", "CVE-2020-0770", "CVE-2020-0771", "CVE-2020-0806", "CVE-2020-0833", "CVE-2020-0871", "CVE-2020-0880", "CVE-2020-0781"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310815797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815797", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815797\");\n script_version(\"2020-06-04T08:47:11+0000\");\n script_cve_id(\"CVE-2020-0645\", \"CVE-2020-0684\", \"CVE-2020-0768\", \"CVE-2020-0769\",\n \"CVE-2020-0770\", \"CVE-2020-0771\", \"CVE-2020-0772\", \"CVE-2020-0773\",\n \"CVE-2020-0774\", \"CVE-2020-0778\", \"CVE-2020-0779\", \"CVE-2020-0781\",\n \"CVE-2020-0783\", \"CVE-2020-0785\", \"CVE-2020-0787\", \"CVE-2020-0788\",\n \"CVE-2020-0791\", \"CVE-2020-0802\", \"CVE-2020-0803\", \"CVE-2020-0804\",\n \"CVE-2020-0806\", \"CVE-2020-0814\", \"CVE-2020-0822\", \"CVE-2020-0824\",\n \"CVE-2020-0830\", \"CVE-2020-0832\", \"CVE-2020-0833\", \"CVE-2020-0842\",\n \"CVE-2020-0843\", \"CVE-2020-0844\", \"CVE-2020-0845\", \"CVE-2020-0847\",\n \"CVE-2020-0849\", \"CVE-2020-0853\", \"CVE-2020-0860\", \"CVE-2020-0871\",\n \"CVE-2020-0874\", \"CVE-2020-0877\", \"CVE-2020-0879\", \"CVE-2020-0880\",\n \"CVE-2020-0881\", \"CVE-2020-0882\", \"CVE-2020-0883\", \"CVE-2020-0885\",\n \"CVE-2020-0887\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 08:47:11 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-11 11:49:28 +0530 (Wed, 11 Mar 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4540688)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4540688\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist when,\n\n - Windows 
Error Reporting improperly handles memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Graphics Component improperly handles objects in memory.\n\n - Windows Network Connections Service improperly handles objects in memory.\n\n - Connected User Experiences and Telemetry Service improperly handles file\n operations.\n\n For more information refer to the references.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information\n and conduct tampering attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4540688\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"User32.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.24550\"))\n{\n report = report_fixed_ver(file_checked:dllPath + \"\\User32.dll\",\n file_version:fileVer, 
vulnerable_range:\"Less than 6.1.7601.24550\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:36", "description": "This host is missing a critical security\n update according to Microsoft KB4541509", "cvss3": {}, "published": "2020-03-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4541509)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0769", "CVE-2020-0803", "CVE-2020-0779", "CVE-2020-0881", "CVE-2020-0874", "CVE-2020-0865", "CVE-2020-0857", "CVE-2020-0858", "CVE-2020-0778", "CVE-2020-0861", "CVE-2020-0783", "CVE-2020-0802", "CVE-2020-0885", "CVE-2020-0768", "CVE-2020-0853", "CVE-2020-0822", "CVE-2020-0800", "CVE-2020-0785", "CVE-2020-0830", "CVE-2020-0877", "CVE-2020-0887", "CVE-2020-0832", "CVE-2020-0824", "CVE-2020-0843", "CVE-2020-0791", "CVE-2020-0844", "CVE-2020-0882", "CVE-2020-0840", "CVE-2020-0849", "CVE-2020-0645", "CVE-2020-0773", "CVE-2020-0774", "CVE-2020-0684", "CVE-2020-0879", "CVE-2020-0788", "CVE-2020-0787", "CVE-2020-0860", "CVE-2020-0845", "CVE-2020-0864", "CVE-2020-0883", "CVE-2020-0842", "CVE-2020-0804", "CVE-2020-0847", "CVE-2020-0772", "CVE-2020-0897", "CVE-2020-0814", "CVE-2020-0866", "CVE-2020-0770", "CVE-2020-0777", "CVE-2020-0799", "CVE-2020-0859", "CVE-2020-0771", "CVE-2020-0834", "CVE-2020-0806", "CVE-2020-0780", "CVE-2020-0833", "CVE-2020-0797", "CVE-2020-0819", "CVE-2020-0871", "CVE-2020-0880", "CVE-2020-0781"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815796", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# 
modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815796\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0645\", \"CVE-2020-0684\", \"CVE-2020-0768\", \"CVE-2020-0769\",\n \"CVE-2020-0770\", \"CVE-2020-0771\", \"CVE-2020-0772\", \"CVE-2020-0773\",\n \"CVE-2020-0774\", \"CVE-2020-0777\", \"CVE-2020-0778\", \"CVE-2020-0779\",\n \"CVE-2020-0780\", \"CVE-2020-0781\", \"CVE-2020-0783\", \"CVE-2020-0785\",\n \"CVE-2020-0787\", \"CVE-2020-0788\", \"CVE-2020-0791\", \"CVE-2020-0797\",\n \"CVE-2020-0799\", \"CVE-2020-0800\", \"CVE-2020-0802\", \"CVE-2020-0803\",\n \"CVE-2020-0804\", \"CVE-2020-0806\", \"CVE-2020-0814\", \"CVE-2020-0819\",\n \"CVE-2020-0822\", \"CVE-2020-0824\", \"CVE-2020-0830\", \"CVE-2020-0832\",\n \"CVE-2020-0833\", \"CVE-2020-0834\", \"CVE-2020-0840\", \"CVE-2020-0842\",\n \"CVE-2020-0843\", \"CVE-2020-0844\", \"CVE-2020-0845\", \"CVE-2020-0847\",\n \"CVE-2020-0849\", \"CVE-2020-0853\", \"CVE-2020-0857\", \"CVE-2020-0858\",\n \"CVE-2020-0859\", \"CVE-2020-0860\", \"CVE-2020-0861\", \"CVE-2020-0864\",\n \"CVE-2020-0865\", \"CVE-2020-0866\", \"CVE-2020-0871\", \"CVE-2020-0874\",\n \"CVE-2020-0877\", \"CVE-2020-0879\", \"CVE-2020-0880\", \"CVE-2020-0881\",\n \"CVE-2020-0882\", \"CVE-2020-0883\", \"CVE-2020-0885\", \"CVE-2020-0887\",\n \"CVE-2020-0897\");\n 
script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-11 11:25:04 +0530 (Wed, 11 Mar 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4541509)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4541509\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows Error Reporting improperly handles memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Graphics Component improperly handles objects in memory.\n\n - Windows Network Connections Service improperly handles objects in memory.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, elevate privileges, disclose sensitive information and\n conduct tampering attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64-based systems\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4541509\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!sysVer)\n exit(0);\n\nif(version_is_less(version:sysVer, test_version:\"6.3.9600.19653\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:sysVer, vulnerable_range:\"Less than 6.3.9600.19653\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:38:34", "description": "Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software\u2014making the March 2020 edition the biggest ever Patch Tuesday in the company's history. 
\n \nOf the 115 bugs spanning its various products \u2014 Microsoft Windows, Edge browser, Internet Explorer, Exchange Server, Office, Azure, Windows Defender, and Visual Studio \u2014 that received new patches, 26 have been rated as critical, 88 received a severity of important, and one is moderate in severity. \n \nHowever, [unlike last month](<https://thehackernews.com/2020/02/microsoft-windows-updates.html>), none of the vulnerabilities the tech giant patched this month are listed as being publicly known or under active attack at the time of release. \n \nIt's worth highlighting that the patch addresses critical flaws that could be potentially exploited by bad actors to execute malicious code by specially crafted LNK files and word documents. \n \nTitled \"LNK Remote Code Execution Vulnerability\" ([CVE-2020-0684](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0684>)), the flaw allows an attacker to create malicious LNK shortcut files that can perform code execution. \n \n\"The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary,\" Microsoft detailed in its advisory. \"When the user opens this drive(or remote share) in Windows Explorer or any other application that parses the .LNK file, the malicious binary will execute code of the attacker's choice on the target system.\" \n \nThe other bug, Microsoft Word Remote Code Execution Vulnerability ([CVE-2020-0852](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0852>)), allows the malware to execute code on a system by merely viewing a specially crafted Word file in the Preview Pane with the same permissions as the currently logged-on user. Microsoft has warned that Microsoft Outlook Preview Pane is also an attack vector for this vulnerability. 
\n \nElsewhere, the Redmond-based company also issued fixes for remote code execution vulnerabilities tied to Internet Explorer ([CVE-2020-0833](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0833>), [CVE-2020-0824](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0824>)), Chakra scripting engine ([CVE-2020-0811](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0811>)), and Edge browser ([CVE-2020-0816](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0816>)). \n \nOne other bug worthy of note is [CVE-2020-0765](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0765>) impacting Remote Desktop Connection Manager (RDCMan), for which there is no fix. \"Microsoft is not planning on fixing this vulnerability in RDCMan and has deprecated the application. Microsoft recommends using supported Remote Desktop clients and exercising caution when opening RDCMan configuration files (.rdg),\" the disclosure reads. \n \nIt's recommended that users and system administrators test and apply the latest security patches as soon as possible to prevent malware or miscreants from exploiting them to gain complete, remote control over vulnerable computers without any intervention. 
\n \nFor installing the [latest security updates](<https://support.microsoft.com/en-in/help/4027667/windows-10-update>), Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-11T08:31:00", "type": "thn", "title": "Microsoft Issues March 2020 Updates to Patch 115 Security Flaws", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0684", "CVE-2020-0765", "CVE-2020-0811", "CVE-2020-0816", "CVE-2020-0824", "CVE-2020-0833", "CVE-2020-0852"], "modified": "2020-03-11T08:31:20", "id": "THN:3D9F7E987C17A81C15F0745D108233C7", "href": "https://thehackernews.com/2020/03/microsoft-patch-tuesday-march-2020.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2020-03-17T19:36:24", "description": "This month\u2019s Microsoft Patch Tuesday addresses 115 vulnerabilities with 26 of them labeled as Critical. 
Of the 26 Critical vulns, 17 are for browser and scripting engines, 4 are for Media Foundation, 2 are for GDI+ and the remaining 3 are for LNK files, Microsoft Word and Dynamics Business. Microsoft also issued a patch for an RCE in Microsoft Word. Adobe has not posted any patches for Patch Tuesday.\n\nOn the basis of volume and severity this Patch Tuesday is heavy in weight.\n\nSee [details of the new detections](<https://www.qualys.com/research/security-alerts/2020-03-10/microsoft/>), including description, consequence and solution.\n\n### Workstation Patches\n\nThe Scripting Engine, LNK files ([CVE-2020-0684](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0684>)), GDI+ ([CVE-2020-0831](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0831>), [CVE-2020-0883](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0883>)) and Media Foundation (CVE-2020-0801, CVE-2020-0809, CVE-2020-0807, CVE-2020-0869) patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.\n\n### Microsoft Word RCE\n\nA Remote Code Execution vulnerability ([CVE-2020-0852](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0852>)) in Microsoft Word is also covered in today\u2019s patch release. An attacker could exploit the vulnerability using a specially crafted file to perform actions on behalf of the logged-in user with the same permissions as the current user.\n\n### Application Inspector RCE\n\nMicrosoft has also fixed a Remote Code Execution vulnerability ([CVE-2020-0872](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0872>)) in Application Inspector. 
This vulnerability can allow an attacker to execute their code on a target system if they can convince a user to run Application Inspector on code that includes a specially crafted third-party component. This patch should be prioritized, despite being labeled as \u201cImportant\u201d by Microsoft.\n\n### Dynamics Business Central RCE\n\nDynamics Business Central client is affected by a Remote Code Execution vulnerability ([CVE-2020-0905](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905>)) that could allow attackers to execute arbitrary shell commands on a target system. While this vulnerability is labeled as \u201cExploitation Less Likely,\u201d considering the target is likely a critical server, this should be prioritized across all Windows servers and workstations.\n\nThere are no Adobe patches released for this month's Patch Tuesday.\n\n**Update March 11, 2020**: See [Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)](<https://blog.qualys.com/laws-of-vulnerabilities/2020/03/11/microsoft-windows-smbv3-remote-code-execution-vulnerability-cve-2020-0796>)", "cvss3": {}, "published": "2020-03-10T19:07:42", "type": "qualysblog", "title": "March 2020 Patch Tuesday \u2013 115 Vulns, 26 Critical, Microsoft Word and Workstation Patches", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2020-0684", "CVE-2020-0796", "CVE-2020-0801", "CVE-2020-0807", "CVE-2020-0809", "CVE-2020-0831", "CVE-2020-0852", "CVE-2020-0869", "CVE-2020-0872", "CVE-2020-0883", "CVE-2020-0905"], "modified": "2020-03-10T19:07:42", "id": "QUALYSBLOG:9B7C3806B8C67809B298463FBE31A0A4", "href": "https://blog.qualys.com/laws-of-vulnerabilities/2020/03/10/march-2020-patch-tuesday-115-vulns-26-critical-microsoft-word-and-workstation-patches", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}