CVE-2020-1507: Microsoft COM for Windows Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.9)

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Sep

Released

2020-09-08

EPSS Score

0.95% (percentile: 76.4%)

Description

An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.

Affected Products (17)

Other

• 11766
• 11767
• 11768
• 11769
• 11568
• 11569
• 11570
• 11571
• 11572
• 11712
• 11713
• 11714
• 11715
• 11644
• 11645
• 11646
• 11647

Security Updates (3)

• 4571756
• 4570333
• 4574727

Acknowledgments

Rick Veldhoven of Fox-IT Company

Revision History

• 2020-09-08: Information published.