Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Windows Runtime Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Microsoft ActiveX Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Visual Studio Code Remote Code Execution Vulnerability
Tablet Windows User Interface Application Elevation of Privilege Vulnerability
Azure Stack Hub Elevation of Privilege Vulnerability
Microsoft Visio Security Feature Bypass Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Visual Studio Code Remote Code Execution Vulnerability
<p>A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.</p> <p>To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Word handles these files.</p>
<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.</p> <p>To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.</p>
<p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would need to convince a target to open a specially crafted file in Visual Studio Code with the Python extension installed.</p> <p>The update addresses the vulnerability by modifying the way Visual Studio Code Python extension renders notebook content.</p>
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Windows MSHTML Platform Security Feature Bypass Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1082, CVE-2020-1088.
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
Visual Studio Denial of Service Vulnerability
Windows Telephony Server Elevation of Privilege Vulnerability
Windows Update Stack Elevation of Privilege Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Windows Telephony Server Elevation of Privilege Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Win32k Elevation of Privilege Vulnerability