CVE-2020-0779
published 2020-03-12CVE-2020-0779: An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNIHAN
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843.
Affected
68 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
GHSA
GHSA-hwf9-pw8h-7mw6: An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations
ghsa_unreviewed·2022-05-24·CVSS 5.5
CVE-2020-0843 [MEDIUM] CWE-269 GHSA-hwf9-pw8h-7mw6: An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0842.
GHSA
GHSA-p52c-qqp9-8p57: An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an inse
ghsa_unreviewed·2022-05-24·CVSS 5.5
CVE-2020-0798 [MEDIUM] CWE-269 GHSA-p52c-qqp9-8p57: An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an inse
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843.
GHSA
GHSA-q7v5-6947-34gx: An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-0779 [HIGH] GHSA-q7v5-6947-34gx: An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843.
GHSA
GHSA-mp9q-9rqc-8x67: An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations
ghsa_unreviewed·2022-05-24·CVSS 5.5
CVE-2020-0842 [MEDIUM] CWE-269 GHSA-mp9q-9rqc-8x67: An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0843.
GHSA
GHSA-4q2q-cpj4-frpf: An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations
ghsa_unreviewed·2022-05-24·CVSS 5.5
CVE-2020-0814 [MEDIUM] CWE-269 GHSA-4q2q-cpj4-frpf: An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0842, CVE-2020-0843.
Microsoft
Windows Installer Elevation of Privilege Vulnerability
vendor_msrc·2020-03-10·CVSS 7.0
CVE-2020-0779 [MEDIUM] Windows Installer Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and add or remove files.
The security update addresses the vulnerability by modifying how reparse points are handled by the Windows Installer.
Microsoft Windows: Microsoft Windows
Issuing CNA: Microsoft
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploita
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-03-10·CVSS 8.8
CVE-2020-0796 [HIGH] Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw and Vitor Ventura.
Update (March 12, 2020): Microsoft released an out-of-band patch for CVE-2020-0796, a code execution vulnerability SMB client and server for Windows. An unauthenticated attacker could exploit this vulnerability to execute remote code. Snort rules 53425 - 53428 protect against exploitation of CVE-2020-0796.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 117 vulnerabilities, 25 of which are considered critical. There is also one moderate vulnerability and 91 that are considered important.
This month's patches include updates to Microsoft Media Foundation, the GDI+ API and Windows Defender, among others.
Talos released a new
Talos
Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-03-10·CVSS 8.8
CVE-2020-0796 [HIGH] Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw and Vitor Ventura.
Update (March 12, 2020): Microsoft released an out-of-band patch for CVE-2020-0796, a code execution vulnerability SMB client and server for Windows. An unauthenticated attacker could exploit this vulnerability to execute remote code. Snort rules 53425 - 53428 protect against exploitation of CVE-2020-0796.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 117 vulnerabilities, 25 of which are considered critical. There is also one moderate vulnerability and 91 that are considered important.
This month's patches include updates to Microsoft M
Bugzilla
CVE-2020-6420 chromium-browser: Insufficient policy enforcement in media
bugzilla·2020-03-06·CVSS 8.8
CVE-2020-6420 [HIGH] CVE-2020-6420 chromium-browser: Insufficient policy enforcement in media
CVE-2020-6420 chromium-browser: Insufficient policy enforcement in media
An insufficient policy enforcement flaw was found in the media component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=1050996
External References:
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-all [bug 1811075]
Affects: fedora-all [bug 1811074]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2020:0779 https://access.redhat.com/errata/RHSA-2020:0779
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/secur
2020-03-12
Published