Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mscveMicrosoftMS:CVE-2020-16914
HistoryOct 13, 2020 - 7:00 a.m.

Windows GDI+ Information Disclosure Vulnerability

2020-10-1307:00:00
Microsoft
msrc.microsoft.com
24
windows
gdi+
information disclosure
vulnerability
memory
handling
no code execution
security update
microsoft

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

9.5%

JSON

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The security update addresses the vulnerability by correcting how GDI+ handles memory addresses.

Related

nvd 1
cvelist 1
cve 1
cnvd 1
prion 1
mskb 15
nessus 11
openvas 9
kaspersky 2
nvd
nvd
CVE-2020-16914
2020-10-16 23:15:14
cvelist
cvelist
CVE-2020-16914 Windows GDI+ Information Disclosure Vulnerability
2020-10-16 22:17:47
cve
cve
CVE-2020-16914
2020-10-16 23:15:14
cnvd
cnvd
Microsoft Windows and Windows Server Information Disclosure Vulnerability (CNVD-2021-71945)
2020-10-15 00:00:00
prion
prion
Information disclosure
2020-10-16 23:15:00
mskb
mskb
October 13, 2020—KB4580385 (Security-only update)
2020-10-13 07:00:00
October 13, 2020—KB4580378 (Monthly Rollup)
2020-10-13 07:00:00
October 13, 2020—KB4580382 (Monthly Rollup)
2020-10-13 07:00:00
nessus
nessus
KB4580385: Windows Server 2008 October 2020 Security Update
2020-10-13 00:00:00
KB4580353: Windows Server 2012 October 2020 Security Update
2020-10-13 00:00:00
KB4580358: Windows 8.1 and Windows Server 2012 R2 October 2020 Security Update
2020-10-13 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4580347)
2020-10-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4580345)
2020-10-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4580327)
2020-10-14 00:00:00
kaspersky
kaspersky
KLA11978 Multiple vulnerabilities in Microsoft Products (ESU)
2020-10-13 00:00:00
KLA11977 Multiple vulnerabilities in Microsoft Windows
2020-10-13 00:00:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

9.5%

JSON
Related for MS:CVE-2020-16914
nvd1cvelist1cve1cnvd1prion1mskb15nessus11openvas9kaspersky2