Information disclosure in Microsoft splwow64



Published: 2020-09-08
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-0790
CVE-2020-0875
CWE-ID CWE-264
CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Windows
Operating systems & Components / Operating system

Windows Server
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU46510

Risk: Low

CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0790

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists in the way splwow64.exe handles certain calls. A local user can leverage behavior of splwow64.exe to escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 7 - 10 2004

Windows Server: 2008 - 2019 2004

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0790


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU46511

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0875

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in the way splwow64.exe handles certain calls. A local user can leverage behavior of splwow64.exe to gain access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 8.1 - 10 2004

Windows Server: 2012 - 2019 2004

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0875


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###