CVE-2020-1234 — Use of Externally-Controlled Format String in Microsoft Windows

CWE-134 — Use of Externally-Controlled Format String CWE-20 — Improper Input Validation CWE-125 — Out-of-bounds Read CWE-420 — Unprotected Alternate Channel7 documents5 sources

Severity

7.8HIGHNVD

EPSS

15.1%

top 5.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

13

Microsoft Windows Microsoft Windows 10 Version 1903 FOR 32-bit Systems Microsoft Windows 10 Version 1903 FOR Arm64-based Systems +10 more

Timeline

PublishedJun 9

Latest updateMar 7

Description

An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages13 packages

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1909_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_2004_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1909_for_x64-based_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

4

GHSA

Improper Authentication in Kubernetes↗2022-02-15

▶

GHSA

Lack of validation in data format attributes in TensorFlow↗2020-12-10

▶

GHSA

Denial of Service in Tensorflow↗2020-09-25

▶

CVEList

CVE-2020-1234: An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles objects in memory↗2020-06-09

▶

📋Vendor Advisories

2

Chrome

Stable Channel Update for Desktop: CVE-2023-1233↗2023-03-07

▶

Microsoft

Windows Error Reporting Elevation of Privilege Vulnerability↗2020-06-09

▶

CVE-2020-1234 — Microsoft Windows vulnerability | cvebase