CVE-2020-1027

HIGH KEV

Windows Kernel - Privilege Escalation

Title source: llm

Description

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003.

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1027

Scores

CVSS v3 7.8

EPSS 0.1186

EPSS Percentile 93.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-23

VulnCheck KEV 2020-03-23

InTheWild.io 2020-03-23

ENISA EUVD EUVD-2020-11922

CWE

CWE-787

Status published

Products (19)

microsoft/windows_10_1507 (2 CPE variants)

microsoft/windows_10_1607 (2 CPE variants)

microsoft/windows_10_1709 (3 CPE variants)

microsoft/windows_10_1803 (3 CPE variants)

microsoft/windows_10_1809 (3 CPE variants)

microsoft/windows_10_1903 (3 CPE variants)

microsoft/windows_10_1909 (3 CPE variants)

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

... and 9 more

Published Apr 15, 2020

KEV Added May 23, 2022

Tracked Since Feb 18, 2026