5.5
CVSSv3

CVE-2020-16938

Published: 16/10/2020 Updated: 20/10/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Microsoft Windows could allow a local authenticated malicious user to obtain sensitive information, caused by improper handling of objects in memory by the Kernel. By executing a specially crafted application, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 2004

microsoft windows server 2016 2004

Github Repositories

My tools

Armory attacking Recaptcha portswiggernet/research/cracking-recaptcha-turbo-intruder-style CVE Download files NFS githubcom/ioncodes/CVE-2020-16938git OSINT Packet 2019 githubcom/qemm/armory/blob/master/OSINT_Packet_2019pdf LFI WRAPPERS githubcom/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion s3 crhon githubcom

Bypassing NTFS permissions to read any files as unprivileged user.

CVE-2020-16938 CVE-2020-16938 is a vulnerability that allows you to get unrestricted file read capabilities on the entire disk as unprivileged user The bug was originally found and reported by my friend Jonas His PoC can be found here My version of the exploit consists of a bunch of Windows API calls to get the handle directly without using 7zip, the PoC can be found in the

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android

Recent Articles

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
Threatpost • Tara Seals • 13 Oct 2020

Microsoft has pushed out fixes for 87 security vulnerabilities in October – 11 of them critical – and one of those is potentially wormable.
There are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up — and in fact at least one public exploit is already circulating for this group.
This month’s Patch Tuesday overall includes fixes for bugs in Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, ...

Microsoft October 2020 Patch Tuesday fixes 87 security bugs
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Today is Microsoft's October 2020 Patch Tuesday, and your Windows administrators will be pulling their hair out as they install new updates and try to fix bugs that pop up.
With the October 2020 Patch Tuesday security updates release, Microsoft has released fixes for 87 vulnerabilities in Microsoft products and an advisory about
.
Of the 87 vulnerabilities fixed today, 12 are classified as Critical, and 74 are classified as Important, and one as moderate.
For inform...

Microsoft October 2020 Patch Tuesday fixes 87 security bugs
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Today is Microsoft's October 2020 Patch Tuesday, and your Windows administrators will be pulling their hair out as they install new updates and try to fix bugs that pop up.
With the October 2020 Patch Tuesday security updates release, Microsoft has released fixes for 87 vulnerabilities in Microsoft products and an advisory about
.
Of the 87 vulnerabilities fixed today, 12 are classified as Critical, and 74 are classified as Important, and one as moderate.
For inform...