A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.
\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.
\n" + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1478.json b/2020/1xxx/CVE-2020-1478.json index 9288ae591c5..6032b47d174 100644 --- a/2020/1xxx/CVE-2020-1478.json +++ b/2020/1xxx/CVE-2020-1478.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.
\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.
\n" + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1479.json b/2020/1xxx/CVE-2020-1479.json index 408c6097298..95822381da2 100644 --- a/2020/1xxx/CVE-2020-1479.json +++ b/2020/1xxx/CVE-2020-1479.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
\nThe update addresses the vulnerability by correcting how DirectX handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\nThe update addresses the vulnerability by correcting how DirectX handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1480.json b/2020/1xxx/CVE-2020-1480.json index 46b652c40df..63265c0c534 100644 --- a/2020/1xxx/CVE-2020-1480.json +++ b/2020/1xxx/CVE-2020-1480.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
\nThe update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation.
\n" + "value": "An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\nThe update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1483.json b/2020/1xxx/CVE-2020-1483.json index 268c9d0dabd..971f266d2aa 100644 --- a/2020/1xxx/CVE-2020-1483.json +++ b/2020/1xxx/CVE-2020-1483.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
\nNote that where severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector.
\nThe security update addresses the vulnerability by correcting how Outlook handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\nNote that where severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector.\nThe security update addresses the vulnerability by correcting how Outlook handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1484.json b/2020/1xxx/CVE-2020-1484.json index 221d337f463..575dd2201c5 100644 --- a/2020/1xxx/CVE-2020-1484.json +++ b/2020/1xxx/CVE-2020-1484.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1485.json b/2020/1xxx/CVE-2020-1485.json index 8ff86606db8..70aad32012e 100644 --- a/2020/1xxx/CVE-2020-1485.json +++ b/2020/1xxx/CVE-2020-1485.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.
\nTo exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information.
\nThe security update addresses the vulnerability by correcting how the WIA Service handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\nTo exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information.\nThe security update addresses the vulnerability by correcting how the WIA Service handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1486.json b/2020/1xxx/CVE-2020-1486.json index 78b1df4d8d5..a9dc7a9868b 100644 --- a/2020/1xxx/CVE-2020-1486.json +++ b/2020/1xxx/CVE-2020-1486.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1487.json b/2020/1xxx/CVE-2020-1487.json index d538fe34065..5c3bc585191 100644 --- a/2020/1xxx/CVE-2020-1487.json +++ b/2020/1xxx/CVE-2020-1487.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.
\nTo exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.
\nThe update addresses the vulnerability by correcting how Media Foundation handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\nTo exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.\nThe update addresses the vulnerability by correcting how Media Foundation handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1488.json b/2020/1xxx/CVE-2020-1488.json index abe8c5cebd6..22cf9720eb8 100644 --- a/2020/1xxx/CVE-2020-1488.json +++ b/2020/1xxx/CVE-2020-1488.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.
\nTo exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.\nTo exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1489.json b/2020/1xxx/CVE-2020-1489.json index fab7f98294c..b6589fc09b0 100644 --- a/2020/1xxx/CVE-2020-1489.json +++ b/2020/1xxx/CVE-2020-1489.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1490.json b/2020/1xxx/CVE-2020-1490.json index a0685c32122..b5412d2b77a 100644 --- a/2020/1xxx/CVE-2020-1490.json +++ b/2020/1xxx/CVE-2020-1490.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.
\nTo exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application.
\nThe security update addresses the vulnerability by correcting how the Storage Services handles file operations.
\n" + "value": "An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\nTo exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application.\nThe security update addresses the vulnerability by correcting how the Storage Services handles file operations.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1492.json b/2020/1xxx/CVE-2020-1492.json index b625f9a89bc..3380761bbac 100644 --- a/2020/1xxx/CVE-2020-1492.json +++ b/2020/1xxx/CVE-2020-1492.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.
\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.
\n" + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1493.json b/2020/1xxx/CVE-2020-1493.json index 483c0bdf367..89e77d3a5f1 100644 --- a/2020/1xxx/CVE-2020-1493.json +++ b/2020/1xxx/CVE-2020-1493.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.
\nTo exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.
\nThe security update addresses the vulnerability by correcting how Outlook handles file attachment links.
\n" + "value": "An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.\nTo exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.\nThe security update addresses the vulnerability by correcting how Outlook handles file attachment links.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1494.json b/2020/1xxx/CVE-2020-1494.json index 0893fa824ba..6d56cbe6c62 100644 --- a/2020/1xxx/CVE-2020-1494.json +++ b/2020/1xxx/CVE-2020-1494.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1495.json b/2020/1xxx/CVE-2020-1495.json index c68601a76a2..c4efc5310cd 100644 --- a/2020/1xxx/CVE-2020-1495.json +++ b/2020/1xxx/CVE-2020-1495.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1496.json b/2020/1xxx/CVE-2020-1496.json index 587e7005aa1..6a59e4d98c6 100644 --- a/2020/1xxx/CVE-2020-1496.json +++ b/2020/1xxx/CVE-2020-1496.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1497.json b/2020/1xxx/CVE-2020-1497.json index c82ffc473e7..d56326dac8c 100644 --- a/2020/1xxx/CVE-2020-1497.json +++ b/2020/1xxx/CVE-2020-1497.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.
\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
\nThe update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.
\n" + "value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.\nThe update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1498.json b/2020/1xxx/CVE-2020-1498.json index b88f8868045..ad6d4a74012 100644 --- a/2020/1xxx/CVE-2020-1498.json +++ b/2020/1xxx/CVE-2020-1498.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1499.json b/2020/1xxx/CVE-2020-1499.json index 98ddb060d52..220b20edddc 100644 --- a/2020/1xxx/CVE-2020-1499.json +++ b/2020/1xxx/CVE-2020-1499.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
\n" + "value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1500.json b/2020/1xxx/CVE-2020-1500.json index ae714fed9e7..451e3e6da28 100644 --- a/2020/1xxx/CVE-2020-1500.json +++ b/2020/1xxx/CVE-2020-1500.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
\n" + "value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1501.json b/2020/1xxx/CVE-2020-1501.json index 835126e06d0..638987e055e 100644 --- a/2020/1xxx/CVE-2020-1501.json +++ b/2020/1xxx/CVE-2020-1501.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
\n" + "value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1502.json b/2020/1xxx/CVE-2020-1502.json index 652e08391da..c11f536260b 100644 --- a/2020/1xxx/CVE-2020-1502.json +++ b/2020/1xxx/CVE-2020-1502.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.
\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.
\n" + "value": "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1503.json b/2020/1xxx/CVE-2020-1503.json index 55ac6041cc8..b6756978c2a 100644 --- a/2020/1xxx/CVE-2020-1503.json +++ b/2020/1xxx/CVE-2020-1503.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.
\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.
\n" + "value": "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1504.json b/2020/1xxx/CVE-2020-1504.json index ff52ce6675b..33886758cc1 100644 --- a/2020/1xxx/CVE-2020-1504.json +++ b/2020/1xxx/CVE-2020-1504.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1505.json b/2020/1xxx/CVE-2020-1505.json index 5d00f1be05c..61dfa5edf10 100644 --- a/2020/1xxx/CVE-2020-1505.json +++ b/2020/1xxx/CVE-2020-1505.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.
\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
\nThe security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\nThe security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1509.json b/2020/1xxx/CVE-2020-1509.json index b1683755305..006f92aa089 100644 --- a/2020/1xxx/CVE-2020-1509.json +++ b/2020/1xxx/CVE-2020-1509.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service.
\nThe security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.
\n" + "value": "An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service.\nThe security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1510.json b/2020/1xxx/CVE-2020-1510.json index 39f7f2ac19c..ab918bd4ebe 100644 --- a/2020/1xxx/CVE-2020-1510.json +++ b/2020/1xxx/CVE-2020-1510.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.
\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
\nThe security update addresses the vulnerability by correcting how win32k handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\nThe security update addresses the vulnerability by correcting how win32k handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1511.json b/2020/1xxx/CVE-2020-1511.json index 256d6508edb..031c5811b78 100644 --- a/2020/1xxx/CVE-2020-1511.json +++ b/2020/1xxx/CVE-2020-1511.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.
\nThe security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations.
\n" + "value": "An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\nThe security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1512.json b/2020/1xxx/CVE-2020-1512.json index b3c9fcdca69..c597b652dda 100644 --- a/2020/1xxx/CVE-2020-1512.json +++ b/2020/1xxx/CVE-2020-1512.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.
\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.
\nThe update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\nThe update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1513.json b/2020/1xxx/CVE-2020-1513.json index 8ad31b77df0..766f2a28d08 100644 --- a/2020/1xxx/CVE-2020-1513.json +++ b/2020/1xxx/CVE-2020-1513.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1515.json b/2020/1xxx/CVE-2020-1515.json index d2a35f04b32..c524d8013be 100644 --- a/2020/1xxx/CVE-2020-1515.json +++ b/2020/1xxx/CVE-2020-1515.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Telephony Server handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Telephony Server handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1516.json b/2020/1xxx/CVE-2020-1516.json index 7d84ca31f05..bbda163439c 100644 --- a/2020/1xxx/CVE-2020-1516.json +++ b/2020/1xxx/CVE-2020-1516.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1517.json b/2020/1xxx/CVE-2020-1517.json index 6e6fa929693..bca414b20fe 100644 --- a/2020/1xxx/CVE-2020-1517.json +++ b/2020/1xxx/CVE-2020-1517.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1518.json b/2020/1xxx/CVE-2020-1518.json index 12eb18d5150..f2dec9e1c2b 100644 --- a/2020/1xxx/CVE-2020-1518.json +++ b/2020/1xxx/CVE-2020-1518.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1519.json b/2020/1xxx/CVE-2020-1519.json index 584ec184f0e..a07aeb5c84a 100644 --- a/2020/1xxx/CVE-2020-1519.json +++ b/2020/1xxx/CVE-2020-1519.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1520.json b/2020/1xxx/CVE-2020-1520.json index dae08b41b94..e967cf7ee0e 100644 --- a/2020/1xxx/CVE-2020-1520.json +++ b/2020/1xxx/CVE-2020-1520.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.
\nAn attacker who successfully exploited the vulnerability would gain execution on a victim system.
\nThe security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory.
\n" + "value": "A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.\nAn attacker who successfully exploited the vulnerability would gain execution on a victim system.\nThe security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1521.json b/2020/1xxx/CVE-2020-1521.json index 46be3310005..8a90e0f38b9 100644 --- a/2020/1xxx/CVE-2020-1521.json +++ b/2020/1xxx/CVE-2020-1521.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1522.json b/2020/1xxx/CVE-2020-1522.json index 474e2b487f2..a4633bfbc69 100644 --- a/2020/1xxx/CVE-2020-1522.json +++ b/2020/1xxx/CVE-2020-1522.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1524.json b/2020/1xxx/CVE-2020-1524.json index 5bfad15fcf2..8266bc67a43 100644 --- a/2020/1xxx/CVE-2020-1524.json +++ b/2020/1xxx/CVE-2020-1524.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Speech Shell Components handle memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Speech Shell Components handle memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1525.json b/2020/1xxx/CVE-2020-1525.json index e9715309ee6..7b1b507b454 100644 --- a/2020/1xxx/CVE-2020-1525.json +++ b/2020/1xxx/CVE-2020-1525.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.
\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.
\n" + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1526.json b/2020/1xxx/CVE-2020-1526.json index 49f72fd1eea..43ddb2e09d9 100644 --- a/2020/1xxx/CVE-2020-1526.json +++ b/2020/1xxx/CVE-2020-1526.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Network Connection Broker handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Network Connection Broker handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1527.json b/2020/1xxx/CVE-2020-1527.json index 8b034e594b0..22be5ddf43c 100644 --- a/2020/1xxx/CVE-2020-1527.json +++ b/2020/1xxx/CVE-2020-1527.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Custom Protocol Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Custom Protocol Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1528.json b/2020/1xxx/CVE-2020-1528.json index df2d8c1bb98..47df359aabf 100644 --- a/2020/1xxx/CVE-2020-1528.json +++ b/2020/1xxx/CVE-2020-1528.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Radio Manager API handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Radio Manager API handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1529.json b/2020/1xxx/CVE-2020-1529.json index 4e373391d3b..d95dcd8118a 100644 --- a/2020/1xxx/CVE-2020-1529.json +++ b/2020/1xxx/CVE-2020-1529.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
\nThe update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation.
\n" + "value": "An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\nThe update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1530.json b/2020/1xxx/CVE-2020-1530.json index 04774696372..f3744f84962 100644 --- a/2020/1xxx/CVE-2020-1530.json +++ b/2020/1xxx/CVE-2020-1530.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how Windows Remote Access handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how Windows Remote Access handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1531.json b/2020/1xxx/CVE-2020-1531.json index 0923b5503f2..8d47ad9ed8b 100644 --- a/2020/1xxx/CVE-2020-1531.json +++ b/2020/1xxx/CVE-2020-1531.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Accounts Control handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Accounts Control handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1533.json b/2020/1xxx/CVE-2020-1533.json index 9d0557f6940..03372438bc3 100644 --- a/2020/1xxx/CVE-2020-1533.json +++ b/2020/1xxx/CVE-2020-1533.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
\nThe security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.\nThe security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1534.json b/2020/1xxx/CVE-2020-1534.json index d890c377b0a..f1110dfca5a 100644 --- a/2020/1xxx/CVE-2020-1534.json +++ b/2020/1xxx/CVE-2020-1534.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1535.json b/2020/1xxx/CVE-2020-1535.json index 80fcb3c2479..bda2c690c80 100644 --- a/2020/1xxx/CVE-2020-1535.json +++ b/2020/1xxx/CVE-2020-1535.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1536.json b/2020/1xxx/CVE-2020-1536.json index 4207d926013..4fb826eb46e 100644 --- a/2020/1xxx/CVE-2020-1536.json +++ b/2020/1xxx/CVE-2020-1536.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1537.json b/2020/1xxx/CVE-2020-1537.json index ee58e26a521..7420d4520dd 100644 --- a/2020/1xxx/CVE-2020-1537.json +++ b/2020/1xxx/CVE-2020-1537.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.
\nTo exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.
\nThe security update addresses the vulnerability by ensuring the Windows Remote Access properly handles file operations.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\nTo exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.\nThe security update addresses the vulnerability by ensuring the Windows Remote Access properly handles file operations.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1538.json b/2020/1xxx/CVE-2020-1538.json index 6691f8dc82f..adb6219338a 100644 --- a/2020/1xxx/CVE-2020-1538.json +++ b/2020/1xxx/CVE-2020-1538.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1539.json b/2020/1xxx/CVE-2020-1539.json index e5200967da3..78dce56f420 100644 --- a/2020/1xxx/CVE-2020-1539.json +++ b/2020/1xxx/CVE-2020-1539.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1540.json b/2020/1xxx/CVE-2020-1540.json index a3d353fe5d1..49cb9616c4f 100644 --- a/2020/1xxx/CVE-2020-1540.json +++ b/2020/1xxx/CVE-2020-1540.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1541.json b/2020/1xxx/CVE-2020-1541.json index 7038d1bb9e6..12553fd1795 100644 --- a/2020/1xxx/CVE-2020-1541.json +++ b/2020/1xxx/CVE-2020-1541.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1542.json b/2020/1xxx/CVE-2020-1542.json index c41e7d2482a..1f6e52d7249 100644 --- a/2020/1xxx/CVE-2020-1542.json +++ b/2020/1xxx/CVE-2020-1542.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1543.json b/2020/1xxx/CVE-2020-1543.json index c535b410ef6..5139c3f5250 100644 --- a/2020/1xxx/CVE-2020-1543.json +++ b/2020/1xxx/CVE-2020-1543.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1544.json b/2020/1xxx/CVE-2020-1544.json index 040b35c608b..717b8e3bb5b 100644 --- a/2020/1xxx/CVE-2020-1544.json +++ b/2020/1xxx/CVE-2020-1544.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1545.json b/2020/1xxx/CVE-2020-1545.json index 867eb6e4fac..6d696103bcf 100644 --- a/2020/1xxx/CVE-2020-1545.json +++ b/2020/1xxx/CVE-2020-1545.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1546.json b/2020/1xxx/CVE-2020-1546.json index ba3e6ddbd15..bc89eb7be30 100644 --- a/2020/1xxx/CVE-2020-1546.json +++ b/2020/1xxx/CVE-2020-1546.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1547.json b/2020/1xxx/CVE-2020-1547.json index d88ff144e81..3439e008544 100644 --- a/2020/1xxx/CVE-2020-1547.json +++ b/2020/1xxx/CVE-2020-1547.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1548.json b/2020/1xxx/CVE-2020-1548.json index e7b98bd6a27..aa3fcf3e381 100644 --- a/2020/1xxx/CVE-2020-1548.json +++ b/2020/1xxx/CVE-2020-1548.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to improperly disclose memory.
\nThe security update addresses the vulnerability by correcting how the Windows WaasMedic Service handles memory.
\n" + "value": "An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to improperly disclose memory.\nThe security update addresses the vulnerability by correcting how the Windows WaasMedic Service handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1549.json b/2020/1xxx/CVE-2020-1549.json index c95cb888bf8..68c37a5d8bf 100644 --- a/2020/1xxx/CVE-2020-1549.json +++ b/2020/1xxx/CVE-2020-1549.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1550.json b/2020/1xxx/CVE-2020-1550.json index dc5d5cbf622..a56f9f036ba 100644 --- a/2020/1xxx/CVE-2020-1550.json +++ b/2020/1xxx/CVE-2020-1550.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1551.json b/2020/1xxx/CVE-2020-1551.json index 20739fce386..5831a2c4292 100644 --- a/2020/1xxx/CVE-2020-1551.json +++ b/2020/1xxx/CVE-2020-1551.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1552.json b/2020/1xxx/CVE-2020-1552.json index 1b69147499f..37b287b8d25 100644 --- a/2020/1xxx/CVE-2020-1552.json +++ b/2020/1xxx/CVE-2020-1552.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.
\nThe update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\nThe update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1553.json b/2020/1xxx/CVE-2020-1553.json index a3ec7d0e877..aa33a4b3429 100644 --- a/2020/1xxx/CVE-2020-1553.json +++ b/2020/1xxx/CVE-2020-1553.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.
\nThe update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\nThe update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1554.json b/2020/1xxx/CVE-2020-1554.json index 4417a94de25..519c19e2d57 100644 --- a/2020/1xxx/CVE-2020-1554.json +++ b/2020/1xxx/CVE-2020-1554.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.
\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.
\n" + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1555.json b/2020/1xxx/CVE-2020-1555.json index 5450857a96c..fb6700f06cf 100644 --- a/2020/1xxx/CVE-2020-1555.json +++ b/2020/1xxx/CVE-2020-1555.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1556.json b/2020/1xxx/CVE-2020-1556.json index 5bf210b3cf6..5f1eaf8910b 100644 --- a/2020/1xxx/CVE-2020-1556.json +++ b/2020/1xxx/CVE-2020-1556.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
\nThe security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.\nThe security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1557.json b/2020/1xxx/CVE-2020-1557.json index f3a87f82fee..e1a6dd6f419 100644 --- a/2020/1xxx/CVE-2020-1557.json +++ b/2020/1xxx/CVE-2020-1557.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1558.json b/2020/1xxx/CVE-2020-1558.json index 644fa14d637..7afb9e5ca57 100644 --- a/2020/1xxx/CVE-2020-1558.json +++ b/2020/1xxx/CVE-2020-1558.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1560.json b/2020/1xxx/CVE-2020-1560.json index 824cd9a0078..23953200910 100644 --- a/2020/1xxx/CVE-2020-1560.json +++ b/2020/1xxx/CVE-2020-1560.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nExploitation of the vulnerability requires that a program process a specially crafted image file.
\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nExploitation of the vulnerability requires that a program process a specially crafted image file.\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1561.json b/2020/1xxx/CVE-2020-1561.json index 2e5ac05adf8..a51a09fdfdb 100644 --- a/2020/1xxx/CVE-2020-1561.json +++ b/2020/1xxx/CVE-2020-1561.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.
\nTo exploit the vulnerability, a user would have to open a specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.\nTo exploit the vulnerability, a user would have to open a specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1562.json b/2020/1xxx/CVE-2020-1562.json index 5f17ea8312a..bc02a1c5050 100644 --- a/2020/1xxx/CVE-2020-1562.json +++ b/2020/1xxx/CVE-2020-1562.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.
\nTo exploit the vulnerability, a user would have to open a specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.\nTo exploit the vulnerability, a user would have to open a specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1563.json b/2020/1xxx/CVE-2020-1563.json index ecfd1921718..2f74bde0ec6 100644 --- a/2020/1xxx/CVE-2020-1563.json +++ b/2020/1xxx/CVE-2020-1563.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
\nThe security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.\nThe security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1564.json b/2020/1xxx/CVE-2020-1564.json index 3a76e3c3f4a..916cc07c856 100644 --- a/2020/1xxx/CVE-2020-1564.json +++ b/2020/1xxx/CVE-2020-1564.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1565.json b/2020/1xxx/CVE-2020-1565.json index 62ec55a0e29..ce32e19e4d4 100644 --- a/2020/1xxx/CVE-2020-1565.json +++ b/2020/1xxx/CVE-2020-1565.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how Windows handles junctions.
\n" + "value": "An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how Windows handles junctions.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1566.json b/2020/1xxx/CVE-2020-1566.json index 7a9ff903c04..6ad82433206 100644 --- a/2020/1xxx/CVE-2020-1566.json +++ b/2020/1xxx/CVE-2020-1566.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1567.json b/2020/1xxx/CVE-2020-1567.json index e9931a6af0b..4cd386ee466 100644 --- a/2020/1xxx/CVE-2020-1567.json +++ b/2020/1xxx/CVE-2020-1567.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.
\nAn attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nIn a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.
\nThe security update addresses the vulnerability by modifying how MSHTML engine validates input.
\n" + "value": "A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.\nAn attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nIn a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.\nThe security update addresses the vulnerability by modifying how MSHTML engine validates input.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1568.json b/2020/1xxx/CVE-2020-1568.json index 2cd04e7e999..d82f3d52440 100644 --- a/2020/1xxx/CVE-2020-1568.json +++ b/2020/1xxx/CVE-2020-1568.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.
\nThe security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.\nThe security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1569.json b/2020/1xxx/CVE-2020-1569.json index 95f455709e5..0b4d7ab16d6 100644 --- a/2020/1xxx/CVE-2020-1569.json +++ b/2020/1xxx/CVE-2020-1569.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.
\nThe security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.\nThe security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1570.json b/2020/1xxx/CVE-2020-1570.json index c458e672e51..f9bd9f0e6d6 100644 --- a/2020/1xxx/CVE-2020-1570.json +++ b/2020/1xxx/CVE-2020-1570.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1571.json b/2020/1xxx/CVE-2020-1571.json index 7e0fc5ffbf0..cc22a4d7806 100644 --- a/2020/1xxx/CVE-2020-1571.json +++ b/2020/1xxx/CVE-2020-1571.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.
\nA locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nThe security update addresses the vulnerability by ensuring Windows Setup properly handles permissions.
\n" + "value": "An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.\nA locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nThe security update addresses the vulnerability by ensuring Windows Setup properly handles permissions.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1573.json b/2020/1xxx/CVE-2020-1573.json index 8ad9e4e3ea4..2adafadd0ec 100644 --- a/2020/1xxx/CVE-2020-1573.json +++ b/2020/1xxx/CVE-2020-1573.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
\n" + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1574.json b/2020/1xxx/CVE-2020-1574.json index e71ae136ccf..fe51bd52a77 100644 --- a/2020/1xxx/CVE-2020-1574.json +++ b/2020/1xxx/CVE-2020-1574.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.
\nExploitation of the vulnerability requires that a program process a specially crafted image file.
\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.\nExploitation of the vulnerability requires that a program process a specially crafted image file.\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1577.json b/2020/1xxx/CVE-2020-1577.json index feac886f28c..529fb6bd8a5 100644 --- a/2020/1xxx/CVE-2020-1577.json +++ b/2020/1xxx/CVE-2020-1577.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
\nThe security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\nThe security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1578.json b/2020/1xxx/CVE-2020-1578.json index a7d91d6ccf5..872ffab0cfd 100644 --- a/2020/1xxx/CVE-2020-1578.json +++ b/2020/1xxx/CVE-2020-1578.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.
\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
\nThe security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.
\n" + "value": "An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\nThe security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1579.json b/2020/1xxx/CVE-2020-1579.json index d871278018d..aecf93d79a0 100644 --- a/2020/1xxx/CVE-2020-1579.json +++ b/2020/1xxx/CVE-2020-1579.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1580.json b/2020/1xxx/CVE-2020-1580.json index 0338688b4e5..2b069cf85d0 100644 --- a/2020/1xxx/CVE-2020-1580.json +++ b/2020/1xxx/CVE-2020-1580.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
\n" + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1581.json b/2020/1xxx/CVE-2020-1581.json index 0154fa95e5f..9376f99bbf1 100644 --- a/2020/1xxx/CVE-2020-1581.json +++ b/2020/1xxx/CVE-2020-1581.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system.
\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.
\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system.\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1582.json b/2020/1xxx/CVE-2020-1582.json index 0bfbb805e87..d7fb151a629 100644 --- a/2020/1xxx/CVE-2020-1582.json +++ b/2020/1xxx/CVE-2020-1582.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Access. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
\nThe security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Access. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.\nThe security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1583.json b/2020/1xxx/CVE-2020-1583.json index 8b436aa15ce..0ca971830d2 100644 --- a/2020/1xxx/CVE-2020-1583.json +++ b/2020/1xxx/CVE-2020-1583.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.
\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.
\n" + "value": "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1584.json b/2020/1xxx/CVE-2020-1584.json index 7743c37c33e..72c9b9cb3da 100644 --- a/2020/1xxx/CVE-2020-1584.json +++ b/2020/1xxx/CVE-2020-1584.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
\nThe security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.\nThe security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.\n" } ] }, diff --git a/2020/1xxx/CVE-2020-1585.json b/2020/1xxx/CVE-2020-1585.json index 3479c4d4c0d..f21714f9060 100644 --- a/2020/1xxx/CVE-2020-1585.json +++ b/2020/1xxx/CVE-2020-1585.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nExploitation of the vulnerability requires that a program process a specially crafted image file.
\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nExploitation of the vulnerability requires that a program process a specially crafted image file.\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.\n" } ] },