Lucene search
HistorySep 11, 2020 - 5:15 p.m.
CVE-2020-1256
cve-2020-1256
information disclosure
vulnerability
windows
gdi
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.3 Medium
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.4%
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.</p>
<p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.</p>
<p>The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.</p>
Affected configurations
Node
microsoftwindows_10_1803Match10.0.0
ORmicrosoftwindows_10_1809Match10.0.0
ORmicrosoftwindows_server_2019Match10.0.0
ORmicrosoftwindows_server_2019Match10.0.0
ORmicrosoftwindows_10_1709 for 32-bit systemsMatch10.0.0
ORmicrosoftwindows_10_1709Match10.0.0
ORmicrosoftwindows_10_1903 for 32-bit systemsMatch10.0.0
ORmicrosoftwindows_10_1903 for x64-based systemsMatch10.0.0
ORmicrosoftwindows_10_1903 for arm64-based systemsMatch10.0.0
ORmicrosoftwindows_server,_version_1903Match10.0.0
ORmicrosoftwindows_10_2004Match10.0.0
ORmicrosoftwindows_server_version_2004Match10.0.0
ORmicrosoftwindows_10_1507Match10.0.0
ORmicrosoftwindows_10_1607Match10.0.0
ORmicrosoftwindows_server_2016Match10.0.0
ORmicrosoftwindows_server_2016Match10.0.0
ORmicrosoftwindows_7Match6.1.0
ORmicrosoftwindows_7_sp1Match6.1.0sp1
ORmicrosoftwindows_8.1Match6.3.0
ORmicrosoftwindows_server_2008_r2_sp1Match6.1.0sp1
ORmicrosoftwindows_server_2008_r2_sp1Match6.0.0sp1
ORmicrosoftwindows_server_2012Match6.2.0
ORmicrosoftwindows_server_2012Match6.2.0
ORmicrosoftwindows_server_2012_r2Match6.3.0
ORmicrosoftwindows_server_2012_r2Match6.3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_10_1803 | 10.0.0 | cpe:2.3:o:microsoft:windows_10_1803:10.0.0:*:*:*:*:*:*:* |
| microsoft | windows_10_1809 | 10.0.0 | cpe:2.3:o:microsoft:windows_10_1809:10.0.0:*:*:*:*:*:*:* |
| microsoft | windows_server_2019 | 10.0.0 | cpe:2.3:o:microsoft:windows_server_2019:10.0.0:*:*:*:*:*:*:* |
| microsoft | windows_server_2019 | 10.0.0 | cpe:2.3:o:microsoft:windows_server_2019:10.0.0:*:*:*:*:*:*:* |
| microsoft | windows_10_1709 for 32-bit systems | 10.0.0 | cpe:2.3:o:microsoft:windows_10_1709 for 32-bit systems:10.0.0:*:*:*:*:*:*:* |
| microsoft | windows_10_1709 | 10.0.0 | cpe:2.3:o:microsoft:windows_10_1709:10.0.0:*:*:*:*:*:*:* |
| microsoft | windows_10_1903 for 32-bit systems | 10.0.0 | cpe:2.3:o:microsoft:windows_10_1903 for 32-bit systems:10.0.0:*:*:*:*:*:*:* |
| microsoft | windows_10_1903 for x64-based systems | 10.0.0 | cpe:2.3:o:microsoft:windows_10_1903 for x64-based systems:10.0.0:*:*:*:*:*:*:* |
| microsoft | windows_10_1903 for arm64-based systems | 10.0.0 | cpe:2.3:o:microsoft:windows_10_1903 for arm64-based systems:10.0.0:*:*:*:*:*:*:* |
| microsoft | windows_server,_version_1903 | 10.0.0 | cpe:2.3:o:microsoft:windows_server,_version_1903:10.0.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1803",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1809",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2019",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2019 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1709 for 32-bit Systems",
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1709",
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1903 for 32-bit Systems",
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1903 for x64-based Systems",
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server, version 1903 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 2004",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server version 2004",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1507",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1607",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2016",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2016 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 7",
"cpes": [
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems"
],
"versions": [
{
"version": "6.1.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 7 Service Pack 1",
"cpes": [
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.1.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 8.1",
"cpes": [
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"versions": [
{
"version": "6.3.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2008 R2 Service Pack 1",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.1.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.0.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2012",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.2.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2012 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.2.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2012 R2",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.3.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2012 R2 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.3.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
}
]Related
cvelist
cvelist
CVE-2020-1256 Windows GDI Information Disclosure Vulnerability
2020-09-11 17:09:11
nvd
nvd
CVE-2020-1256
2020-09-11 17:15:20
cnvd
cnvd
prion
prion
Information disclosure
2020-09-11 17:15:00
mscve
mscve
Windows GDI Information Disclosure Vulnerability
2020-09-08 07:00:00
kaspersky
kaspersky
KLA11952 Multiple vulnerabilities in Microsoft ESU products
2020-09-08 00:00:00
KLA11951 Multiple vulnerabilities in Microsoft Windows
2020-09-08 00:00:00
mskb
mskb
September 8, 2020—KB4577051 (Monthly Rollup)
2020-09-08 07:00:00
September 8, 2020—KB4577053 (Security-only update)
2020-09-08 07:00:00
September 8, 2020—KB4577071 (Security-only update)
2021-02-09 08:00:00
nessus
nessus
KB4577048: Windows Server 2012 September 2020 Security Update
2020-09-08 00:00:00
KB4577049: Windows 10 September 2020 Security Update
2020-09-08 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4577051)
2020-09-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4577049)
2020-09-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4577066)
2020-09-09 00:00:00
avleonov
avleonov
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.3 Medium
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.4%
Related for CVE-2020-1256