Lucene search

[email protected]NVD:CVE-2020-1272

HistoryJun 09, 2020 - 8:15 p.m.

CVE-2020-1272

2020-06-0920:15:17

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.5%

JSON

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1277, CVE-2020-1302, CVE-2020-1312.

Affected configurations

NVD

Node

microsoftwindows_10Match-x64

microsoftwindows_10Match-x86

microsoftwindows_10Match1607

microsoftwindows_10Match1709

microsoftwindows_10Match1809

microsoftwindows_10Match1903

microsoftwindows_10Match1909

microsoftwindows_10Match2004

microsoftwindows_7Match-sp1x64

microsoftwindows_7Match-sp1x86

microsoftwindows_8.1Match-x64

microsoftwindows_8.1Match-x86

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_server_2008Match-sp2x64

microsoftwindows_server_2008Match-sp2x86

microsoftwindows_server_2008Matchr2sp1itanium

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

microsoftwindows_server_2016Match-

microsoftwindows_server_2016Match1803

microsoftwindows_server_2016Match1903

microsoftwindows_server_2016Match1909

microsoftwindows_server_2016Match2004

microsoftwindows_server_2019Match-

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1272

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.5%

JSON

Related for NVD:CVE-2020-1272

prion4 cvelist4 cve4 nvd3 mscve4 attackerkb1 mskb15 kaspersky2 nessus11 openvas10 avleonov1