7.8

CVE-2020-1378

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.
A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.
The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows 10 Version-
MicrosoftWindows 10 Version1607
MicrosoftWindows 10 Version1709
MicrosoftWindows 10 Version1803
MicrosoftWindows 10 Version1809
MicrosoftWindows 10 Version1903
MicrosoftWindows 10 Version1909
MicrosoftWindows 10 Version2004
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
MicrosoftWindows Server 2016 Version1903
MicrosoftWindows Server 2016 Version1909
MicrosoftWindows Server 2016 Version2004
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 3.11% 0.864
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.