PT-2020-2281 · Microsoft · Onedrive For Windows

Zhiniang Peng

Published

2020-04-14

Updated

2020-04-21

CVE-2020-0935

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions OneDrive for Windows (affected versions not specified)

Description The issue arises from the improper handling of symbolic links by the OneDrive for Windows Desktop application, potentially allowing an attacker to elevate their privileges using a specially crafted application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2020-02227

CVE-2020-0935

Affected Products

Onedrive For Windows

PT-2020-2281 · Microsoft · Onedrive For Windows

CVE-2020-0935

Weakness Enumeration

Related Identifiers

Affected Products

References · 3