An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0842, CVE-2020-0843.
| Product | CPU Architecture | Version | Update | Tested |
|---|---|---|---|---|
| Windows 7 | x86/x64 | SP1 | ||
| Windows Rt | ||||
| Windows 8.1 | x86/x64 | |||
| Windows 10 | x86/x64 | |||
| Windows 10 | x86/x64 | 1607 | ||
| Windows 10 | x86/x64 | 1703 | ||
| Windows 10 | x86/x64 | 1709 | ||
| Windows 10 | x86/x64/arm64 | 1803 | ||
| Windows 10 | x86/x64/arm64 | 1809 | ||
| Windows 10 | x86/x64/arm64 | 1903 | ||
| Windows 10 | x86/x64/arm64 | 1909 | ||
| Windows Server 2008 | x86/x64 | R2 | SP1 | |
| Windows Server 2008 | x86/x64 | SP2 | ||
| Windows Server 2012 | R2 | |||
| Windows Server 2012 | ||||
| Windows Server 2016 | ||||
| Windows Server 2019 | ||||
| Windows Server | 1803 | |||
| Windows Server | 1903 | |||
| Windows Server | 1909 |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0814
该漏洞并未进行测试,根目录留存着网络收集**[CVE编号].zip**的EXP或者POC,代码状态未知