Lucene search

[email protected]NVD:CVE-2020-16921

HistoryOct 16, 2020 - 11:15 p.m.

CVE-2020-16921

2020-10-1623:15:14

[email protected]

web.nvd.nist.gov

cve-2020-16921

information disclosure

text services framework

memory handling

data security

vulnerability

exploitation

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.8%

JSON

An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.
To exploit this vulnerability, an attacker would have to log on to an affected system and open a specially crafted file.
The update addresses the vulnerability by correcting how Text Services Framework handles objects in memory.

Affected configurations

Nvd

Node

microsoftwindows_10Match1709

microsoftwindows_10Match1803

microsoftwindows_10Match1809

microsoftwindows_10Match1903

microsoftwindows_10Match1909

microsoftwindows_10Match2004

microsoftwindows_server_2016Match1903

microsoftwindows_server_2016Match1909

microsoftwindows_server_2016Match2004

microsoftwindows_server_2019Match-

VendorProductVersionCPE
microsoftwindows_101709cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
microsoftwindows_101803cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
microsoftwindows_101809cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
microsoftwindows_101903cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
microsoftwindows_101909cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
microsoftwindows_102004cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
microsoftwindows_server_20161903cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
microsoftwindows_server_20161909cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
microsoftwindows_server_20162004cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
microsoftwindows_server_2019-cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_10	1709	cpe:2.3:o:microsoft:windows_10:1709:::::::*
microsoft	windows_10	1803	cpe:2.3:o:microsoft:windows_10:1803:::::::*
microsoft	windows_10	1809	cpe:2.3:o:microsoft:windows_10:1809:::::::*
microsoft	windows_10	1903	cpe:2.3:o:microsoft:windows_10:1903:::::::*
microsoft	windows_10	1909	cpe:2.3:o:microsoft:windows_10:1909:::::::*
microsoft	windows_10	2004	cpe:2.3:o:microsoft:windows_10:2004:::::::*
microsoft	windows_server_2016	1903	cpe:2.3:o:microsoft:windows_server_2016:1903:::::::*
microsoft	windows_server_2016	1909	cpe:2.3:o:microsoft:windows_server_2016:1909:::::::*
microsoft	windows_server_2016	2004	cpe:2.3:o:microsoft:windows_server_2016:2004:::::::*
microsoft	windows_server_2019	-	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*