VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 11, 2020· Updated Aug 4, 2024

Shell infrastructure component Elevation of Privilege Vulnerability

CVE-2020-0870

Description

<p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses the vulnerability by correcting the way in which the Shell infrastructure component handles objects in memory and preventing unintended elevation from lower integrity application.</p>

Affected products

8
  • Microsoft/Windows 10 1809v52 versions
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*+ 1 more
    • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*range: 10.0.0
    • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*range: 10.0.0
  • Microsoft/Windows Server 2019v5
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
    Range: 10.0.0
  • Microsoft/Windows 10 1909v5
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
    Range: 10.0.0
  • Microsoft/Windows 10v52 versions
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*range: 10.0.0
    • cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*range: 10.0.0
  • Microsoft/Windows 10 1607v5
    cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
    Range: 10.0.0
  • Microsoft/Windows Server 2016v5
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
    Range: 10.0.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.