Windows User Account Profile Picture Elevation of Privilege Vulnerability

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.00644
Percentile: 0.69699

CVSS Scoring

Mapped CWE(s)

• CWE-59 : Improper Link Resolution Before File Access ('Link Following')

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

• T1547.009 : Shortcut Modification
  Kill Chain: persistence
• T1574.005 : Executable Installer File Permissions Weakness
  Kill Chain: persistence
• T1574.010 : Services File Permissions Weakness
  Kill Chain: persistence
• T1027.006 : HTML Smuggling
  Kill Chain: defense-evasion
• T1027.009 : Embedded Payloads
  Kill Chain: defense-evasion
• T1564.009 : Resource Forking
  Kill Chain: defense-evasion

Malware

APTs Threat Group Associations

Campaigns

Affected Products

• cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

← Back to Home