#VU28018 Untrusted Pointer Dereference in Windows and Windows Server - CVE-2020-0986
Published: May 19, 2020 / Updated: February 20, 2022
Vulnerability identifier: #VU28018
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2020-0986
CWE-ID: CWE-822
Exploitation vector: Local access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Windows
Windows Server
Windows
Windows Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to untrusted pointer dereference within the user-mode printer driver host process splwow64.exe within the Windows kernel. A local user can run a specially crafted program to trigger untrusted pointer dereference and execute arbitrary code on the system with elevated privileges in the context of the current user at medium integrity level.
Successful exploitation of the vulnerability requires that attacker has the ability to execute low-privileged code on the target system.
Remediation
Install updates from vendor's website.