← back
CVE-2020-1574

Microsoft Windows Codecs Library Remote Code Execution Vulnerability

CVSS 5.5 MEDIUMEPSS 2.6%CWE-119
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 2.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Aug 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Affected products
Microsoft · Windows 10 Version 1909Microsoft · Windows 10 Version 2004

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1574