← back
CVE-2020-1510

Win32k Information Disclosure Vulnerability

CVSS 5.5 MEDIUMEPSS 4.8%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 4.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Aug 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C