CVE-2020-9858

HIGH

Windows Migration Assistant < 2.2.0.0 - Unauthenticated Arbitrary Code Execution via Dynamic Library Loading

Title source: llm
STIX 2.1

Description

A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/HT211186

Scores

CVSS v3 7.8
EPSS 0.0047
EPSS Percentile 36.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-427
Status published
Products (1)
apple/windows_migration_assistant < 2.2.0.0
Published Jun 09, 2020
Tracked Since Feb 18, 2026