SB2022103134 - Multiple vulnerabilities in Dell EMC Unisphere for PowerMax and Dell EMC Solutions Enabler
Published: October 31, 2022 Updated: April 18, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 151 secuirty vulnerabilities.
1) Link following (CVE-ID: CVE-2020-0683)
The vulnerability allows a local user to elevate privileges on the system.
The vulnerability exists within the Windows Installer when MSI packages process symbolic links. A local user can bypass access restrictions to add or remove files and escalate privileges on the system.
2) Out-of-bounds read (CVE-ID: CVE-2020-0676)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Cryptography Next Generation (CNG) service. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
3) Out-of-bounds read (CVE-ID: CVE-2020-0677)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Cryptography Next Generation (CNG) service. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0678)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows Error Reporting manager handles hard links. A local user can create a malicious application, launch it on the system and overwrite a targeted file leading to an elevated status.
To exploit this vulnerability, an attacker would first have to log on to the system.
5) Input validation error (CVE-ID: CVE-2020-0681)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of untrusted input within the Windows Remote Desktop Client when a user connects to a malicious server. A remote attacker can execute arbitrary code on the target system.
6) Buffer overflow (CVE-ID: CVE-2020-0680)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Function Discovery Service when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
7) Buffer overflow (CVE-ID: CVE-2020-0682)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Function Discovery Service when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
8) Link following (CVE-ID: CVE-2020-0686)
The vulnerability allows a local user to elevate privileges on the system.
The vulnerability exists within the Windows Installer when MSI packages process symbolic links. A local user can bypass access restrictions to add or remove files and escalate privileges on the system.9) Buffer overflow (CVE-ID: CVE-2020-0667)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
10) Out-of-bounds read (CVE-ID: CVE-2020-0698)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Telephony Service. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
11) Buffer overflow (CVE-ID: CVE-2020-0703)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Backup Service improperly handles file operations. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Buffer overflow (CVE-ID: CVE-2020-0726)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
13) Out-of-bounds read (CVE-ID: CVE-2020-0658)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows Common Log File System (CLFS) driver. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
14) Buffer overflow (CVE-ID: CVE-2020-0691)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel-mode driver. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
15) Out-of-bounds read (CVE-ID: CVE-2020-0705)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
16) Buffer overflow (CVE-ID: CVE-2020-0708)
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when the Windows Imaging Library improperly handles memory. A local attacker can trick a victim to open a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
17) Out-of-bounds read (CVE-ID: CVE-2020-0675)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Cryptography Next Generation (CNG) service. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
18) Buffer overflow (CVE-ID: CVE-2020-0668)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Kernel when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
19) Buffer overflow (CVE-ID: CVE-2020-0719)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
20) Out-of-bounds read (CVE-ID: CVE-2020-0880)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows GDI component. A local user can trick a victim to open a specially crafted document or visit an untrusted webpage, trigger out-of-bounds read error and read contents of memory on the system.
21) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0806)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in Windows Error Reporting when handling and executing files. A local user can run a specially crafted application to execute arbitrary code on the system with elevated privileges.
22) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0814)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows Installer handles certain filesystem operations. A local user can escalate privileges on the system.
23) Buffer overflow (CVE-ID: CVE-2020-0822)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Language Pack Installer improperly handles file operations. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
24) Out-of-bounds read (CVE-ID: CVE-2020-0853)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when the Windows Imaging Component fails to properly handle objects in memory. A remote attacker can trick a victim to visit a specially crafted website, trigger out-of-bounds read error and read contents of memory on the system.
25) Buffer overflow (CVE-ID: CVE-2020-0860)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows ActiveX Installer Service improperly handles memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Buffer overflow (CVE-ID: CVE-2020-0877)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
27) Out-of-bounds read (CVE-ID: CVE-2020-0879)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing untrusted data in Windows Graphics Device Interface (GDI). A local user can create a specially crafted application, trigger out-of-bounds read error and read contents of memory on the system.
28) Buffer overflow (CVE-ID: CVE-2020-0881)
The vulnerability allows a local user to execute arbitrary code on the system.
The vulnerability exists due to a boundary error in the Windows Graphics Device Interface (GDI). A local user can trick a victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Buffer overflow (CVE-ID: CVE-2020-0666)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
30) Buffer overflow (CVE-ID: CVE-2020-0883)
The vulnerability allows a local user to execute arbitrary code on the system.
The vulnerability exists due to a boundary error in the Windows Graphics Device Interface (GDI). A local user can trick a victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
31) Out-of-bounds read (CVE-ID: CVE-2020-0882)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows GDI component. A local user can trick a victim to open a specially crafted document or visit an untrusted webpage, trigger out-of-bounds read error and read contents of memory on the system.
32) Out-of-bounds read (CVE-ID: CVE-2020-0885)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows GDI component. A remote attacker can trick a victim to open a specially crafted document or visit an untrusted webpage. trigger out-of-bounds read error and read contents of memory on the system.
33) Buffer overflow (CVE-ID: CVE-2020-0887)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
34) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0655)
The vulnerability allows a remote authenticated user to escalate privileges on the system.
The vulnerability exists due to the way Remote Desktop Services formerly known as Terminal Services handles clipboard redirection. A remote authenticated user with access to a system running Remote Desktop Services can abuse clipboard redirection and execute arbitrary code in the context of another user's session.
35) Buffer overflow (CVE-ID: CVE-2020-0657)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Windows Common Log File System (CLFS) driver. A local usre can run a specially crafted application to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
36) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0665)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists in Active Directory Forest trust due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest. A remote user can gain elevated privileges on the target system.
37) Buffer overflow (CVE-ID: CVE-2020-0715)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Graphics Component improperly handles objects in memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
38) Buffer overflow (CVE-ID: CVE-2020-0720)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
39) Buffer overflow (CVE-ID: CVE-2020-0802)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Network Connections Service when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
40) Buffer overflow (CVE-ID: CVE-2020-0824)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
41) Buffer overflow (CVE-ID: CVE-2020-0895)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the VBScript engine. A remote administrator can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
42) Buffer overflow (CVE-ID: CVE-2020-0967)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the VBScript engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
43) Buffer overflow (CVE-ID: CVE-2020-0966)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the VBScript engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
44) Buffer overflow (CVE-ID: CVE-2020-0968)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild as of October 1, 2020.
45) Buffer overflow (CVE-ID: CVE-2020-0768)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within the the ChakraCore scripting engine in Microsoft browsers. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
46) Buffer overflow (CVE-ID: CVE-2020-0847)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the VBScript engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
47) Buffer overflow (CVE-ID: CVE-2020-0830)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within the the ChakraCore scripting engine in Microsoft browsers. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
48) Out-of-bounds read (CVE-ID: CVE-2020-0755)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Cryptography Next Generation (CNG) service. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
49) Buffer overflow (CVE-ID: CVE-2020-0832)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the scripting engine in Internet Explorer. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
50) Buffer overflow (CVE-ID: CVE-2020-0833)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the scripting engine in Internet Explorer. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
51) Buffer overflow (CVE-ID: CVE-2020-0673)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the scripting engine. A remote user can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
52) Buffer overflow (CVE-ID: CVE-2020-0674)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
53) Input validation error (CVE-ID: CVE-2020-0606)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when the software fails to check the source markup of a file. A remote attacker can trick a victim to open s specially crafted file and execute arbitrary code in the context of the current user.
54) Input validation error (CVE-ID: CVE-2020-0646)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the Microsoft .NET Framework. A remote attacker can pass specific input to an application utilizing susceptible .Net methods and execute arbitrary code on the target system.
55) Input validation error (CVE-ID: CVE-2020-0605)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when the software fails to check the source markup of a file. A remote attacker can trick a victim to open s specially crafted file and execute arbitrary code in the context of the current user.
56) Out-of-bounds read (CVE-ID: CVE-2020-0756)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Cryptography Next Generation (CNG) service. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
57) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0754)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows Error Reporting (WER) handles and executes files. A local user can run a specially crafted application and gain elevated privileges on the target system.
58) Buffer overflow (CVE-ID: CVE-2020-0721)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
59) Use-after-free (CVE-ID: CVE-2020-0731)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory in win32kbase HMMarkObjectDestroy within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
60) Buffer overflow (CVE-ID: CVE-2020-0722)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
61) Buffer overflow (CVE-ID: CVE-2020-0723)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
62) Buffer overflow (CVE-ID: CVE-2020-0725)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
63) Buffer overflow (CVE-ID: CVE-2020-0724)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
64) Input validation error (CVE-ID: CVE-2020-0729)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when processing .LNK files. A remote attacker can trick a victim to open a removable drive, or remote share, that contains a malicious .LNK file and execute arbitrary code on the target system.
65) Input validation error (CVE-ID: CVE-2020-0734)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of untrusted input within the Windows Remote Desktop Client when a user connects to a malicious server. A remote attacker can execute arbitrary code on the target system.
66) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0730)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows handles symlinks. A local user can create a malicious application, launch it on the system and delete files and folders in an elevated context.
To exploit this vulnerability, an attacker would first have to log on to the system.
67) Out-of-bounds read (CVE-ID: CVE-2020-0736)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows kernel. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
68) Buffer overflow (CVE-ID: CVE-2020-0752)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
69) Buffer overflow (CVE-ID: CVE-2020-0735)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
70) Buffer overflow (CVE-ID: CVE-2020-0738)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when Windows Media Foundation improperly handles objects in memory. A remote attacker can trick a victim to open a specially crafted document, or convinc a victim to visit a malicious webpage, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
71) Buffer overflow (CVE-ID: CVE-2020-0737)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the tapisrv.dll when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
72) Out-of-bounds read (CVE-ID: CVE-2020-0744)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when Windows Graphics Device Interface (GDI) improperly handles objects in memory. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
73) Out-of-bounds read (CVE-ID: CVE-2020-0748)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Cryptography Next Generation (CNG) service. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
74) Buffer overflow (CVE-ID: CVE-2020-0745)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Graphics Component improperly handles objects in memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
75) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows Error Reporting (WER) handles and executes files. A local user can run a specially crafted application and gain elevated privileges on the target system.
76) Buffer overflow (CVE-ID: CVE-2020-0803)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Network Connections Service when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
77) Buffer overflow (CVE-ID: CVE-2020-0788)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
78) Buffer overflow (CVE-ID: CVE-2020-1008)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Jet Database Engine. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
79) Buffer overflow (CVE-ID: CVE-2020-0992)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Jet Database Engine. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
80) Input validation error (CVE-ID: CVE-2020-0993)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the Windows DNS fails to properly handle queries. A remote authenticated attacker can send malicious DNS queries and perform a denial of service (DoS) attack.
81) Buffer overflow (CVE-ID: CVE-2020-0999)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Jet Database Engine. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
82) Buffer overflow (CVE-ID: CVE-2020-1004)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Graphics Component improperly handles objects in memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
83) Out-of-bounds read (CVE-ID: CVE-2020-1005)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Microsoft Windows Graphics Component. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
84) Out-of-bounds read (CVE-ID: CVE-2020-1007)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows kernel. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
85) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-1014)
.The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to Microsoft Windows Update Client does not properly handle privileges. A local user can run a specially crafted application and run processes in an elevated context
86) Buffer overflow (CVE-ID: CVE-2020-0988)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Jet Database Engine. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
87) Buffer overflow (CVE-ID: CVE-2020-1015)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the User-Mode Power Service (UMPS) when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
88) Buffer overflow (CVE-ID: CVE-2020-1094)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Work Folder Service improperly handles file operations. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
89) Input validation error (CVE-ID: CVE-2020-0687)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input within the Windows font library when processing specially crafted embedded fonts. A remote attacker can trick the victim to open a specially crafted document or visit a website and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
90) Buffer overflow (CVE-ID: CVE-2020-0889)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Jet Database Engine. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
91) Buffer overflow (CVE-ID: CVE-2020-0938)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Adobe Type Manager Library when parsing a specially-crafted multi-master font - Adobe Type 1 PostScript format. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, this vulnerability is being actively exploited in the wild.
92) Out-of-bounds read (CVE-ID: CVE-2020-0946)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within Media Foundation. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
93) Out-of-bounds read (CVE-ID: CVE-2020-0952)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows GDI component. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
94) Out-of-bounds read (CVE-ID: CVE-2020-0987)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the processing of EMF images in gdi32full.dll Windows Graphics Component. A local user can use a specially EMR_SETDIBITSTODEVICE record in an EMF image to trigger out-of-bounds read error and read contents of memory on the system.
95) Buffer overflow (CVE-ID: CVE-2020-0907)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within Microsoft Graphics Components. A remote authenticated attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
96) Out-of-bounds read (CVE-ID: CVE-2020-0955)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows kernel when certain central processing units (CPU) speculatively access memory. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
97) Improper input validation (CVE-ID: CVE-2020-2767)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the JSSE component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
98) Improper input validation (CVE-ID: CVE-2020-2803)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Java component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
99) Improper input validation (CVE-ID: CVE-2020-2805)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
100) Buffer overflow (CVE-ID: CVE-2019-18197)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xsltCopyText() function in transform.c in libxslt. A remote attacker can create a specially crafted XML document, pass it to the affected application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
101) Improper input validation (CVE-ID: CVE-2020-2816)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JSSE component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
102) Improper input validation (CVE-ID: CVE-2020-2781)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the JSSE component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
103) Improper input validation (CVE-ID: CVE-2020-2830)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Concurrency component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
104) Improper input validation (CVE-ID: CVE-2020-2800)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Lightweight HTTP Server component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
105) Out-of-bounds read (CVE-ID: CVE-2020-0821)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows kernel. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
106) Improper input validation (CVE-ID: CVE-2020-2778)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the JSSE component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
107) Improper input validation (CVE-ID: CVE-2020-2764)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Advanced Management Console component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
108) Improper input validation (CVE-ID: CVE-2020-2754)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Scripting component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
109) Improper input validation (CVE-ID: CVE-2020-2755)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Scripting component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
110) Improper input validation (CVE-ID: CVE-2020-2773)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Security component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
111) Improper input validation (CVE-ID: CVE-2020-2756)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Serialization component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
112) Improper input validation (CVE-ID: CVE-2020-2757)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Serialization component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
113) Buffer overflow (CVE-ID: CVE-2020-0953)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Jet Database Engine. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
114) Buffer overflow (CVE-ID: CVE-2020-0957)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel-mode driver. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
115) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0787)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows Background Intelligent Transfer Service (BITS) handles symbolic links. A local user can create a malicious application, launch it on the system and overwrite a targeted file leading to an elevated status.
To exploit this vulnerability, an attacker would first have to log on to the system.
116) Buffer overflow (CVE-ID: CVE-2020-0769)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows CSC Service improperly handles memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
117) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0843)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows Installer handles certain filesystem operations. A local user can escalate privileges on the system.
118) Buffer overflow (CVE-ID: CVE-2020-0844)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when Connected User Experiences and Telemetry Service improperly handles file operations. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
119) Buffer overflow (CVE-ID: CVE-2020-0845)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Network Connections Service when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
120) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0849)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows handles hard links. A local user can create a malicious application, launch it on the system and overwrite a targeted file leading to an elevated status.
To exploit this vulnerability, an attacker would first have to log on to the system.
121) Out-of-bounds read (CVE-ID: CVE-2020-0871)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling objects in memory within Windows Network Connections Service. A local user can create a specially crafted application and gain access to memory contents of an elevated process.
122) HTTP response splitting (CVE-ID: CVE-2020-0645)
The vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to software does not corrector process HTTP request headers. A remote attacker can send specially crafted HTTP request and modify the response, sent by the web server.
Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.
123) Buffer overflow (CVE-ID: CVE-2020-0770)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows ActiveX Installer Service improperly handles memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
124) Buffer overflow (CVE-ID: CVE-2020-0804)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Network Connections Service when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
125) Buffer overflow (CVE-ID: CVE-2020-0771)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows CSC Service improperly handles memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
126) Buffer overflow (CVE-ID: CVE-2020-0773)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows ActiveX Installer Service improperly handles memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
127) Link following (CVE-ID: CVE-2020-0779)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insecure processing of symbolic links in MSI packages within the Windows Installer. A local user can create a specially crafted symbolic link and elevate privileges on the system.
128) Buffer overflow (CVE-ID: CVE-2020-0778)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Network Connections Service when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
129) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0781)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows Universal Plug and Play (UPnP) service handles objects in memory. A local user can create a malicious application, launch it on the system and run arbitrary code with elevated system privileges.
130) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0783)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows Universal Plug and Play (UPnP) service handles objects in memory. A local user can create a malicious application, launch it on the system and run arbitrary code with elevated system privileges.
131) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0785)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows User Profile Service (ProfSvc) handles symlinks. A local user can create a malicious application, launch it on the system and delete files and folders in an elevated context.
To exploit this vulnerability, an attacker would first have to log on to the system.
132) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0842)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows Installer handles certain filesystem operations. A local user can escalate privileges on the system.
133) Buffer overflow (CVE-ID: CVE-2020-0791)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when the Windows Graphics Component improperly handles objects in memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
134) Buffer overflow (CVE-ID: CVE-2020-0956)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel-mode driver. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
135) Out-of-bounds read (CVE-ID: CVE-2020-0982)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Microsoft Windows Graphics Component. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
136) Buffer overflow (CVE-ID: CVE-2020-0958)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel-mode driver. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
137) Buffer overflow (CVE-ID: CVE-2020-0959)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Jet Database Engine. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
138) Buffer overflow (CVE-ID: CVE-2020-0960)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Jet Database Engine. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
139) Out-of-bounds read (CVE-ID: CVE-2020-0962)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the win32k component. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
140) Buffer overflow (CVE-ID: CVE-2020-0964)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Graphics Device Interface (GDI). A remote authenticated attacker can trick a victim to open a specially crafted file or visit a malicious website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
141) Buffer overflow (CVE-ID: CVE-2020-0965)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Microsoft Windows Codecs Library. A remote attacker can send a specially crafted image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
142) Buffer overflow (CVE-ID: CVE-2020-0994)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Jet Database Engine. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
143) Buffer overflow (CVE-ID: CVE-2020-0995)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Jet Database Engine. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
144) Out-of-bounds read (CVE-ID: CVE-2020-0774)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows GDI component. A local user can trick a victim to open a specially crafted document or visit an untrusted webpage, trigger out-of-bounds read error and read contents of memory on the system.
145) Buffer overflow (CVE-ID: CVE-2020-1000)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
146) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-1009)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way that the Microsoft Store Install Service handles file operations in protected locations. A local user can run a specially crafted application and execute arbitrary code with elevated permissions.
147) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-1011)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to Windows System Assessment Tool improperly handles file operations. A local user can run a specially crafted application and run processes in an elevated context.
148) Buffer overflow (CVE-ID: CVE-2020-1020)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Adobe Type Manager Library when parsing a specially-crafted multi-master font - Adobe Type 1 PostScript format. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, this vulnerability is being actively exploited in the wild.
149) Buffer overflow (CVE-ID: CVE-2020-1027)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Kernel when handling objects in memory. A local user can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
Note, this vulnerability is being actively exploited in the wild.
150) Input validation error (CVE-ID: CVE-2020-0684)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists in Microsoft Windows due to insufficient validation of user-supplied input when processing .LNK file. A remote attacker can trick a victim to open a removable drive or remote share, that contains a malicious .LNK file and execute arbitrary code on the target system.
151) Buffer overflow (CVE-ID: CVE-2020-0772)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when Windows Error Reporting improperly handles memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.