7.2
CVSSv2

CVE-2020-1048

Published: 21/05/2020 Updated: 26/05/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Windows Print Spooler Elevation of Privilege Vulnerability. An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.

Vulnerability Trend

Github Repositories

No description, website, or topics provided.

No description, website, or topics provided.

Recent Articles

Microsoft fixes vulnerability affecting all Windows versions since 1996
welivesecurity • Amer Owaida • 15 May 2020

A vulnerability in a decades-old Windows component that controls printing on machines running the operating system could be abused by malicious actors to gain elevated privileges on the targeted system, according to security researchers Yarden Shafir and Alex Ionescu.
The flaw, which they dubbed PrintDemon, resides in Windows Print Spooler and affects all Windows versions since Windows NT4.0, released in 1996. The component has remained largely unchanged since; another vulnerability affect...

The Register

Roundup Let's catch you up on infosec news beyond the bits and bytes we've already reported.
A leasing company left a poorly secured database facing the open internet for anyone to find and freely access – and it contained records on assets used by big names, such as Samsung, Rolls-Royce, Tesco, Computacenter, Link Group, Capita, Freightliner, and MC Group, we're told.
The team at TurgenSec informed El Reg over the weekend it found the publicly accessible data cache, operated by an...