Rewterz Threat Advisory – Windows 10 themes can be abused to steal Windows passwords
September 8, 2020Rewterz Threat Advisory – CVE-2020-1596 – TLS Information Disclosure Vulnerability
September 9, 2020Rewterz Threat Advisory – Windows 10 themes can be abused to steal Windows passwords
September 8, 2020Rewterz Threat Advisory – CVE-2020-1596 – TLS Information Disclosure Vulnerability
September 9, 2020Severity
Medium
Analysis Summary
A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
Impact
Remote Code Execution
Affected Vendors
Microsoft
Affected Products
- Internet Explorer
- Microsoft Edge (Chromium)
Remediation
Refer to Microsoft advisory for the complete list of affected products and their respective patches.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16884