1. CVE-Search
  2. CVE-2020-0911
ID CVE-2020-0911
Summary <p>An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Modules Installer handles objects in memory.</p>
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 31-12-2023 - 22:15)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
misc https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0911
Last major update 31-12-2023 - 22:15
Published 11-09-2020 - 17:15
Last modified 31-12-2023 - 22:15
Back to Top