7.3

CVE-2020-1574

Microsoft Windows Codecs Library Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.
Exploitation of the vulnerability requires that a program process a specially crafted image file.
The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 Version1909
MicrosoftWindows 10 Version2004
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.59% 0.833
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
nvd@nist.gov 7.3 1.3 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
secure@microsoft.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1574
Patch
Vendor Advisory