CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
9.5%
<p>An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.</p>
<p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>
<p>The update addresses the vulnerability by correcting the way in which StartTileData.dll handles objects in memory.</p>
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | windows_10 | 1903 | cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
microsoft | windows_10 | 1909 | cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:* |
microsoft | windows_10 | 2004 | cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:* |
microsoft | windows_server_2016 | 1903 | cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:* |
microsoft | windows_server_2016 | 1909 | cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:* |
microsoft | windows_server_2016 | 2004 | cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
9.5%