CVE-2020-1382

HIGH

Windows 10 and Windows Server 2016 - Elevation of Privilege via Graphics Component Use-After-Free

Title source: llm
STIX 2.1

Description

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1381.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-873/

Scores

CVSS v3 7.8
EPSS 0.0616
EPSS Percentile 92.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (6)
microsoft/windows_10 1903
microsoft/windows_10 1909
microsoft/windows_10 2004
microsoft/windows_server_2016 1903
microsoft/windows_server_2016 1909
microsoft/windows_server_2016 2004
Published Jul 14, 2020
Tracked Since Feb 18, 2026