CVE-2020-1362

HIGH

Windows WalletService - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-1362. PoCs published by asdyxcyxc.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2020-1362, which involves a DLL hijacking vulnerability. The exploit includes a DLL and an executable that spawns a command shell, demonstrating remote code execution (RCE) capabilities.

Description

An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1369.

Exploits (1)

nomisec WORKING POC
by asdyxcyxc · poc
https://github.com/asdyxcyxc/CVE-2020-1362

This repository contains a proof-of-concept exploit for CVE-2020-1362, which involves a DLL hijacking vulnerability. The exploit includes a DLL and an executable that spawns a command shell, demonstrating remote code execution (RCE) capabilities.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Windows systems vulnerable to DLL hijacking (specific software not explicitly mentioned)
No auth needed
Prerequisites: Ability to place a malicious DLL in a location where it will be loaded by a vulnerable application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.1326
EPSS Percentile 94.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (13)
microsoft/windows_10
microsoft/windows_10 1607
microsoft/windows_10 1709
microsoft/windows_10 1803
microsoft/windows_10 1809
microsoft/windows_10 1903
microsoft/windows_10 1909
microsoft/windows_10 2004
microsoft/windows_server_2016
microsoft/windows_server_2016 1903
... and 3 more
Published Jul 14, 2020
Tracked Since Feb 18, 2026