← voltar
CVE-2020-17022

Microsoft Windows Codecs Library Remote Code Execution Vulnerability

CVSS 7.8 HIGHEPSS 3.6%
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.8EPSS 3.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
16 out 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.</p> <p>Exploitation of the vulnerability requires that a program process a specially crafted image file.</p> <p>The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.</p>
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C