CVE-2020-1098— Windows Shell Infrastructure Component Elevation of Privilege Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-1098
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Windows Shell Infrastructure Component Elevation of Privilege Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
<p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses the vulnerability by correcting the way in which the Shell infrastructure component handles objects in memory and preventing unintended elevation from lower integrity application.</p>
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Shell 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Shell 基础结构存在安全漏洞,该漏洞源于不正确地处理内存中的对象。攻击者可利用该漏洞控制受影响的系统。以下产品及版本受到影响: Windows 10 2004版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Microsoft | Windows 10 Version 2004 | 10.0.0 ~ publication | cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
II. Public POCs for CVE-2020-1098
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-1098
请登录查看更多情报信息。
Same Patch Batch · Microsoft · 2020-09-11 · 129 CVEs total
| CVE-2020-1595 | 9.9 CRITICAL | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2020-1210 | 9.9 CRITICAL | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2020-1523 | 8.9 HIGH | Microsoft SharePoint Server Tampering Vulnerability |
| CVE-2020-1012 | 8.8 HIGH | WinINet API Elevation of Privilege Vulnerability |
| CVE-2020-0922 | 8.8 HIGH | Microsoft COM for Windows Remote Code Execution Vulnerability |
| CVE-2020-1129 | 8.8 HIGH | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| CVE-2020-0761 | 8.8 HIGH | Active Directory Remote Code Execution Vulnerability |
| CVE-2020-0718 | 8.8 HIGH | Active Directory Remote Code Execution Vulnerability |
| CVE-2020-1200 | 8.6 HIGH | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2020-1452 | 8.6 HIGH | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2020-1460 | 8.6 HIGH | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2020-1453 | 8.6 HIGH | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2020-1576 | 8.5 HIGH | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2020-16875 | 8.4 HIGH | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2020-1285 | 8.4 HIGH | GDI+ Remote Code Execution Vulnerability |
| CVE-2020-1507 | 7.9 HIGH | Microsoft COM for Windows Elevation of Privilege Vulnerability |
| CVE-2020-1218 | 7.8 HIGH | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2020-1030 | 7.8 HIGH | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2020-1169 | 7.8 HIGH | Windows Runtime Elevation of Privilege Vulnerability |
| CVE-2020-1115 | 7.8 HIGH | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Showing top 20 of 129 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Windows 10 Version 2004
- CVE-2021-31208
Windows Container Manager Service Elevation of Privilege Vul - CVE-2021-31205
Windows SMB Client Security Feature Bypass Vulnerability - CVE-2021-31192
Windows Media Foundation Core Remote Code Execution Vulnerab - CVE-2021-31185
Windows Desktop Bridge Denial of Service Vulnerability - CVE-2021-31169
Windows Container Manager Service Elevation of Privilege Vul
Same vendor: Microsoft
- CVE-2026-42826
Azure DevOps Information Disclosure Vulnerability - CVE-2026-35428
Azure Cloud Shell Spoofing Vulnerability - CVE-2026-35435
Azure AI Foundry Elevation of Privilege Vulnerability - CVE-2026-34327
Microsoft Partner Center Spoofing Vulnerability - CVE-2026-33844
Azure Managed Instance for Apache Cassandra Remote Code Exec
V. Comments for CVE-2020-1098
No comments yet