Lucene search

[email protected]NVD:CVE-2020-1510

HistoryAug 17, 2020 - 7:15 p.m.

CVE-2020-1510

2020-08-1719:15:17

CWE-200

[email protected]

web.nvd.nist.gov

information disclosure

win32k

vulnerability

cve-2020-1510

security update

memory handling

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.003

Percentile

70.3%

JSON

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
The security update addresses the vulnerability by correcting how win32k handles objects in memory.

Affected configurations

Nvd

Node

microsoftwindows_10Match-

microsoftwindows_10Match1607

microsoftwindows_10Match1709

microsoftwindows_10Match1803

microsoftwindows_10Match1809

microsoftwindows_10Match1903

microsoftwindows_10Match1909

microsoftwindows_10Match2004

VendorProductVersionCPE
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
microsoftwindows_101709cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
microsoftwindows_101803cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
microsoftwindows_101809cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
microsoftwindows_101903cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
microsoftwindows_101909cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
microsoftwindows_102004cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_10	-	cpe:2.3:o:microsoft:windows_10:-:::::::*
microsoft	windows_10	1607	cpe:2.3:o:microsoft:windows_10:1607:::::::*
microsoft	windows_10	1709	cpe:2.3:o:microsoft:windows_10:1709:::::::*
microsoft	windows_10	1803	cpe:2.3:o:microsoft:windows_10:1803:::::::*
microsoft	windows_10	1809	cpe:2.3:o:microsoft:windows_10:1809:::::::*
microsoft	windows_10	1903	cpe:2.3:o:microsoft:windows_10:1903:::::::*
microsoft	windows_10	1909	cpe:2.3:o:microsoft:windows_10:1909:::::::*
microsoft	windows_10	2004	cpe:2.3:o:microsoft:windows_10:2004:::::::*