CVE-2020-0728

MEDIUM

Windows 10 and Windows Server 2016/2019 - Information Disclosure via Modules Installer Service

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-0728. PoCs published by irsl.

AI-analyzed exploit summary This PoC exploits CVE-2020-0728, a privilege escalation vulnerability in the Windows Modules Installer service. It abuses the Sxs Store Class COM service to bypass file system DAC and read arbitrary files via junction points.

Description

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.

Exploits (1)

nomisec WORKING POC 47 stars

by irsl · poc

https://github.com/irsl/CVE-2020-0728

View Code ZIP pw:eip

This PoC exploits CVE-2020-0728, a privilege escalation vulnerability in the Windows Modules Installer service. It abuses the Sxs Store Class COM service to bypass file system DAC and read arbitrary files via junction points.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows Modules Installer (TrustedInstaller.exe)

No auth needed

Prerequisites: Local access to the system · Ability to create junction points

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728

Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2020/Feb/21

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/156394/Microsoft-Windows-Modules-Installer-Service-Information-Disclosure.html

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2020/Feb/16

Scores

CVSS v3 5.5

EPSS 0.0373

EPSS Percentile 88.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (11)

microsoft/windows_10 1607

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_10 1909

microsoft/windows_server_2016

microsoft/windows_server_2016 1803

microsoft/windows_server_2016 1903

microsoft/windows_server_2016 1909

... and 1 more

Published Feb 11, 2020

Tracked Since Feb 18, 2026