CVE-2020-1464

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html", "name": "https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html", "name": "https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/", "name": "https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": ""}, {"url": "https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/", "name": "https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": ""}, {"url": "https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd", "name": "https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd", "name": "https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464", "tags": ["Patch", "Vendor Advisory"], "refsource": ""}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464", "tags": ["Patch", "Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.\nIn an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.\nThe update addresses the vulnerability by correcting how Windows validates file signatures.\n"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-347"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-1464", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2020-08-17T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2004:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_2004:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_1903:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-04-04T20:47Z"}