CVE-2020-0998 — Improper Privilege Management in Microsoft Windows 10 Version 1607

CWE-269 — Improper Privilege Management5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 41.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1709 Microsoft Windows 10 Version 1709 FOR 32-bit Systems +14 more

Timeline

PublishedSep 11

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages18 packages

▶CVEListV5microsoft/windows_10_version_1709_for_32-bit_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_arm64-based_systems10.0.0 — publication

▶CVEListV5microsoft/windows_8.16.3.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-cf35-v9jm-w658: An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Compone↗2022-05-24

▶

CVEList

Windows Graphics Component Elevation of Privilege Vulnerability↗2020-09-11

▶

📋Vendor Advisories

Microsoft

Windows Graphics Component Elevation of Privilege Vulnerability↗2020-09-08

▶