CVE-2020-0683

HIGH KEV

Microsoft Windows 10 1507 - Symlink Following

Title source: rule

Description

An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.

Exploits (4)

exploitdb WRITEUP

by nu11secur1ty · textlocalwindows

https://www.exploit-db.com/exploits/48079

View Code ZIP pw:eip

nomisec WORKING POC 338 stars

by padovah4ck · local

https://github.com/padovah4ck/CVE-2020-0683

View Code ZIP pw:eip

patchapalooza WORKING POC

by mirrors_padovah4ck · poc

https://gitee.com/mirrors_padovah4ck/CVE-2020-0683

View Code ZIP pw:eip

patchapalooza STUB

by Ascotbe · local

https://github.com/Ascotbe/Kernelhub

View Code ZIP pw:eip

References (2)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0683

Scores

CVSS v3 7.8

EPSS 0.3446

EPSS Percentile 97.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-11-03

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2020-2176

CWE

CWE-59

Status published

Products (19)

microsoft/windows_10_1507 (2 CPE variants)

microsoft/windows_10_1607 (2 CPE variants)

microsoft/windows_10_1709 (3 CPE variants)

microsoft/windows_10_1803 (3 CPE variants)

microsoft/windows_10_1809 (3 CPE variants)

microsoft/windows_10_1903 (3 CPE variants)

microsoft/windows_10_1909 (3 CPE variants)

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

... and 9 more

Published Feb 11, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026