CVE-2020-1507
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/09/2020
Last modified:
31/12/2023
Description
An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.<br />
To exploit the vulnerability, a user would have to open a specially crafted file.<br />
The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.<br />
Impact
Base Score 3.x
7.90
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page