CVE-2020-1506— Windows Start-Up Application Elevation of Privilege Vulnerability

CVSS 6.1 · Medium EPSS 3.36% · P87 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-1506

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Windows Start-Up Application Elevation of Privilege Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability: <ul> <li>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. </li> <li>In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. </li> </ul> The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Wininit.dll 授权问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Wininit.dll是美国微软（Microsoft）公司的一个代码库。 Wininit.dll中存在授权问题漏洞漏洞，该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。攻击者可利用提升的特权执行代码。以下产品及版本受到影响： Internet Explorer 11版本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Microsoft	Internet Explorer 11	1.0.0 ~ publication	`cpe:2.3:a:microsoft:internet_explorer:11:-::::::`

II. Public POCs for CVE-2020-1506

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-1506

请登录查看更多情报信息。

Same Patch Batch · Microsoft · 2020-09-11 · 129 CVEs total

CVE-2020-1595	9.9 CRITICAL	Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1210	9.9 CRITICAL	Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1523	8.9 HIGH	Microsoft SharePoint Server Tampering Vulnerability
CVE-2020-0718	8.8 HIGH	Active Directory Remote Code Execution Vulnerability
CVE-2020-0761	8.8 HIGH	Active Directory Remote Code Execution Vulnerability
CVE-2020-1129	8.8 HIGH	Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2020-1012	8.8 HIGH	WinINet API Elevation of Privilege Vulnerability
CVE-2020-0922	8.8 HIGH	Microsoft COM for Windows Remote Code Execution Vulnerability
CVE-2020-1460	8.6 HIGH	Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2020-1200	8.6 HIGH	Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1452	8.6 HIGH	Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1453	8.6 HIGH	Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1576	8.5 HIGH	Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1285	8.4 HIGH	GDI+ Remote Code Execution Vulnerability
CVE-2020-16875	8.4 HIGH	Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2020-1507	7.9 HIGH	Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2020-1039	7.8 HIGH	Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1074	7.8 HIGH	Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1052	7.8 HIGH	Windows Elevation of Privilege Vulnerability
CVE-2020-1115	7.8 HIGH	Windows Common Log File System Driver Elevation of Privilege Vulnerability

Showing top 20 of 129 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Internet Explorer 11

Same vendor: Microsoft

V. Comments for CVE-2020-1506

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-1506— Windows Start-Up Application Elevation of Privilege Vulnerability

I. Basic Information for CVE-2020-1506

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-1506

III. Intelligence Information for CVE-2020-1506

Same Patch Batch · Microsoft · 2020-09-11 · 129 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-1506

Leave a comment