CVE-2020-1054

Published: 21/05/2020 Updated: 28/04/2022
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 643
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143.

Vulnerable Product

microsoft windows server 2008 r2

microsoft windows server 2012 r2

microsoft windows 10 1607

microsoft windows 8.1 -

microsoft windows server 2016 -

microsoft windows server 2008 -

microsoft windows 7 -

microsoft windows rt 8.1 -

microsoft windows server 2012 -

microsoft windows 10 -

microsoft windows 10 1709

microsoft windows 10 1803

microsoft windows 10 1809

microsoft windows 10 1903

microsoft windows 10 1909

microsoft windows server 2016 1803

microsoft windows server 2016 1903

microsoft windows server 2016 1909

microsoft windows server 2019 -

Exploits

This Metasploit module exploits CVE-2020-1054, an out of bounds write reachable from DrawIconEx within win32k. The out of bounds write can be used to overwrite the pvbits of a SURFOBJ. By utilizing this vulnerability to execute controlled writes to kernel memory, an attacker can gain arbitrary code execution as the SYSTEM user. This module has been ...

Github Repositories

Windows 7 LPE

CVE-2020-1054 Windows 7 LPE

CVE-2020-1054 CVE-2020-1054 Learning Screenshot Reference: 0xeb-bp.github.io/blog/2020/06/15/cve-2020-1054-analysis.html (steal Security token) github.com/mwrlabs/CVE-2016-7255 (leak function) github.com/DreamoneOnly/CVE-2019-0808-32-64-exp

CVE-2020-1054 analysis bbs.pediy.com/thread-260884.htm

LPE for CVE-2020-1054 targeting Windows 7 x64

CVE-2020-1054 CVE-2020-1054 LPE for Windows 7x64 Usage Install Rust if you need it wwwrust-lan