CVE-2020-17087

CVE Published	2020-11-11
Related CWE(s)	CWE-131: Incorrect Calculation of Buffer Size
Related Vendor(s)	microsoft
Related Product(s)	windows_8.1, windows_server_2008, windows_server_2012, windows_10, windows_server_2019, windows_server_2016, windows_7, windows_rt_8.1
Exploitation Reported (CISA KEV)	2021-11-03
CVSS 3 Base Score	7.8 (HIGH)
CVSS 3 Attack Complexity	LOW
CVSS 3 Attack Vector	LOCAL

Windows Kernel Local Elevation of Privilege Vulnerability

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Associated CAPEC Patterns

Buffer Overflow via Parameter Expansion (CAPEC-47)

In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.

Overflow Buffers (CAPEC-100)

Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.

References

CVE.org

View more information about CVE-2020-17087 on the official MITRE CVE website.

NIST National Vulnerability Database

CVE-2020-17087 on the NIST NVD.

CISA Known Exploited Vulnerabilities